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bitsadmin getclientcertificate 
bitsadmin getcompletiontime 
bitsadmin getcreationtime 
bitsadmin getcustomheaders 
bitsadmin getdescription 
bitsadmin getdisplayname 
bitsadmin geterror 

bitsadmin geterrorcount 
bitsadmin getfilestotal 
bitsadmin getfilestransferred 
bitsadmin gethelpertokenflags 
bitsadmin gethelpertokensid 
bitsadmin gethttomethod 
bitsadmin getmaxdownloadtime 
bitsadmin getminretrydelay 
bitsadmin getmodificationtime 
bitsadmin getnoprogresstimeout 
bitsadmin getnotifycmdline 
bitsadmin getnotifyflags 
bitsadmin getnotifyinterface 
bitsadmin getowner 

bitsadmin getpeercachingflags 
bitsadmin getpriority 
bitsadmin getproxybypasslist 
bitsadmin getproxylist 
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bitsadmin reset 
bitsadmin resume 


bitsadmin setaclflag 
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bitsadmin setcredentials 
bitsadmin setcustomheaders 
bitsadmin setdescription 
bitsadmin setdisplayname 
bitsadmin sethelpertoken 
bitsadmin sethelpertokenflags 
bitsadmin sethttpmethod 
bitsadmin setmaxdownloadtime 
bitsadmin setminretrydelay 
bitsadmin setnoprogresstimeout 
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cacls 

call 

cd 

certreq 

certutil 

change 
change logon 
change port 
change user 

chcp 

chdir 

chglogon 

chgport 

chgusr 

chkdsk 

chkntfs 

choice 

cipher 

clean 


cleanmgr 


clip 

cls 

cmd 

cmdkey 

cmstp 

color 

comp 

compact 

compact vdisk 

convert 
convert basic 
convert dynamic 
convert gpt 
convert mbr 

copy 
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All supported versions of Windows (server and client) have a set of Win32 console commands built in. 


This set of documentation describes the Windows Commands you can use to automate tasks by using scripts or 
scripting tools. 


Prerequisites 
The information that is contained in this topic applies to: 


e Windows Server 2019 

e Windows Server (Semi-Annual Channel) 
e Windows Server 2016 

e Windows Server 2012 R2 

e Windows Server 2012 

e Windows Server 2008 R2 

e Windows Server 2008 

e Windows 10 

e Windows 8.1 


Command shell overview 


The Command shell was the first shell built into Windows to automate routine tasks, like user account management 
or nightly backups, with batch (.bat) files. With Windows Script Host you could run more sophisticated scripts in the 
Command shell. For more information, see cscript or wscript. You can perform operations more efficiently by using 
scripts than you can by using the user interface. Scripts accept all Commands that are available at the command 
line. 


Windows has two command shells: The Command shell and PowerShell. Each shell is a software program that 
provides direct communication between you and the operating system or application, providing an environment to 
automate IT operations. 


PowerShell was designed to extend the capabilities of the Command shell to run PowerShell commands called 
cmdlets. Cmdlets are similar to Windows Commands but provide a more extensible scripting language. You can run 
Windows Commands and PowerShell cmdlets in Powershell, but the Command shell can only run Windows 
Commands and not PowerShell cmdlets. 


For the most robust, up-to-date Windows automation, we recommend using PowerShell instead of Windows 
Commands or Windows Script Host for Windows automation. 


NOTE 


You can also download and install PowerShell Core, the open source version of PowerShell. 





Caution 
Incorrectly editing the registry may severely damage your system. Before making the following changes to the 
registry, you should back up any valued data on the computer. 





NOTE 
To enable or disable file and directory name completion in the Command shell on a computer or user logon session, run 
regedit.exe and set the following reg DWOrd value: 


HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\completionChar\reg_DWOrd 


To set the reg_DWOrd value, use the hexadecimal value of a control character for a particular function (for example, 0 9 is 
Tab and 0 08 is Backspace). User-specified settings take precedence over computer settings, and command-line options take 
precedence over registry settings. 





Command-line reference A-Z 


To find information about a specific command, in the following A-Z menu, click the letter that the command starts 
with, and then click the command name. 


A|B|C|D|E|FIG|H[I[J|K|LIM|N|[O|P|Q|RİS|T|U|V|W|X|YIZ 


A 

e active 

e add 

e add alias 

e add volume 

e append 

e arp 

e assign 

e assoc 

e at 

e atmadm 

e attach-vdisk 

e attrib 

e attributes 
o attributes disk 
o attributes volume 

e auditpol 
o auditpol backup 
o auditpol clear 
o auditpol get 
o auditpol list 
o auditpol remove 
o auditpol resourcesacl 
o auditpol restore 
o auditpol set 

e autochk 

e autoconv 

e autofmt 


e automount 


e bcdboot 


e bcdedit 
e bdehdcfg 


o 


o 


o 


o 


o 


o 


bdehdcfg driveinfo 
bdehdcfg newdriveletter 
bdehdcfg quiet 
bdehdcfg restart 
bdehdcfg size 

bdehdcfg target 


e begin backup 


e begin restore 


bitsadmin 


o 


o 


o 


bitsadmin addfile 

bitsadmin addfileset 

bitsadmin addfilewithranges 
bitsadmin cache 

o bitsadmin cache and delete 
o bitsadmin cache and deleteur| 
o bitsadmin cache and getexpirationtime 
o bitsadmin cache and getlimit 
o bitsadmin cache and help 

o bitsadmin cache and info 

o bitsadmin cache and list 

o bitsadmin cache and setexpirationtime 
o bitsadmin cache and setlimit 
o bitsadmin cache and clear 
bitsadmin cancel 

bitsadmin complete 

bitsadmin create 

bitsadmin examples 

bitsadmin getaclflags 

bitsadmin getbytestotal 
bitsadmin getbytestransferred 
bitsadmin getclientcertificate 
bitsadmin getcompletiontime 
bitsadmin getcreationtime 
bitsadmin getcustomheaders 
bitsadmin getdescription 
bitsadmin getdisplayname 
bitsadmin geterror 

bitsadmin geterrorcount 
bitsadmin getfilestotal 
bitsadmin getfilestransferred 
bitsadmin gethelpertokenflags 
bitsadmin gethelpertokensid 
bitsadmin gethttpmethod 


bitsadmin getmaxdownloadtime 


bitsadmin getminretrydelay 
bitsadmin getmodificationtime 
bitsadmin getnoprogresstimeout 
bitsadmin getnotifycmdline 
bitsadmin getnotifyflags 

bitsadmin getnotifyinterface 
bitsadmin getowner 

bitsadmin getpeercachingflags 
bitsadmin getpriority 

bitsadmin getproxybypasslist 
bitsadmin getproxylist 

bitsadmin getproxyusage 
bitsadmin getreplydata 

bitsadmin getreplyfilename 
bitsadmin getreplyprogress 
bitsadmin getsecurityflags 
bitsadmin getstate 

bitsadmin gettemporaryname 
bitsadmin gettype 

bitsadmin getvalidationstate 
bitsadmin help 

bitsadmin info 

bitsadmin list 

bitsadmin listfiles 

bitsadmin makecustomheaderswriteonly 
bitsadmin monitor 

bitsadmin nowrap 

bitsadmin peercaching 

o bitsadmin peercaching and getconfigurationflags 
o bitsadmin peercaching and help 
o bitsadmin peercaching and setconfigurationflags 
bitsadmin peers 

o bitsadmin peers and clear 

o bitsadmin peers and discover 

o bitsadmin peers and help 

o bitsadmin peers and list 
bitsadmin rawreturn 

bitsadmin removeclientcertificate 
bitsadmin removecredentials 
bitsadmin replaceremoteprefix 
bitsadmin reset 

bitsadmin resume 

bitsadmin setaclflag 

bitsadmin setclientcertificatebyid 
bitsadmin setclientcertificatebyname 


bitsadmin setcredentials 


o 


bitsadmin setcustomheaders 
bitsadmin setdescription 
bitsadmin setdisplayname 
bitsadmin sethelpertoken 
bitsadmin sethelpertokenflags 
bitsadmin sethttomethod 
bitsadmin setmaxdownloadtime 
bitsadmin setminretrydelay 
bitsadmin setnoprogresstimeout 
bitsadmin setnotifycmdline 
bitsadmin setnotifyflags 
bitsadmin setpeercachingflags 
bitsadmin setpriority 

bitsadmin setproxysettings 
bitsadmin setreplyfilename 
bitsadmin setsecurityflags 
bitsadmin setvalidationstate 
bitsadmin suspend 

bitsadmin takeownership 
bitsadmin transfer 

bitsadmin util 

o bitsadmin util and enableanalyticchannel 
o bitsadmin util and getieproxy 
o bitsadmin util and help 

o bitsadmin util and repairservice 
o bitsadmin util and setieproxy 
o bitsadmin util and version 


bitsadmin wrap 


bootcfg 


o 


o 


o 


[0] 


o 


bootcfg addsw 
bootcfg copy 
bootcfg dbg1394 
bootcfg debug 
bootcfg default 
bootcfg delete 
bootcfg ems 
bootcfg query 
bootcfg raw 
bootcfg rmsw 


bootcfg timeout 


break 


cacls 


call 
cd 


certreq 


certutil 

change 

o change logon 

o change port 

o change user 

chcp 

chdir 

chglogon 

chgport 

chgusr 

chkdsk 

chkntfs 

choice 

cipher 

clean 

cleanmgr 

clip 

cls 

cmd 

cmdkey 

cmstp 

color 

comp 

compact 

compact vdisk 

convert 

o convert basic 

o convert dynamic 

o convert gpt 

o convert mbr 

copy 

cprofile 

create 

o create partition efi 

o [create partition extended 
o create partition logical 
o create partition msr 
o create partition primary 
o create volume mirror 
o create volume raid 

o create volume simple 
o create volume stripe 


cscript 


date 
dcgpofix 


defrag 

del 

delete 

delete disk 


[0] 


o delete partition 


delete shadows 


[0] 


o delete volume 
detach vdisk 
detail 

detail disk 

o detail partition 
detail vdisk 


o 


o 


o detail volume 
dfsdiag 

o dfsdiag testdcs 

o dfsdiag testdfsconfig 
o dfsdiag testdfsintegrity 
o dfsdiag testreferral 
o dfsdiag testsites 
dfsrmig 

diantz 

dir 

diskcomp 

diskcopy 

diskpart 

diskperf 

diskraid 

diskshadow 

dispdiag 

dnscmd 

doskey 


driverquery 


echo 

edit 
endlocal 
end restore 
erase 
eventcreate 
eventquery 
eventtriggers 
Evntcmd 
exec 

exit 

expand 


expand vdisk 


expose 
extend 


extract 


fc 

filesystems 

find 

findstr 

finger 

flattemp 

fondue 

for 

forfiles 

format 

freedisk 

fsutil 

o fsutil 8dot3name 
o fsutil behavior 
o fsutil dirty 

o fsutil file 

o fsutil fsinfo 

o fsutil hardlink 

o fsutil objectid 

o fsutil quota 

o fsutil repair 

o fsutil reparsepoint 
o fsutil resource 

o fsutil sparse 

o fsutil tiering 

o fsutil transaction 
o fsutil usn 

o fsutil volume 


o fsutil wim 


o ftp append 
o ftp ascii 

o ftp bell 

o ftp binary 
o ftp bye 

o ftp cd 

o ftp close 

o ftp debug 
o ftp delete 
o ftpdir 

o ftp disconnect 


o ftp get 


o ftp glob 

o ftp hash 

o ftp Icd 

o ftp literal 
o ftp ls 

o ftp mget 
o ftp mkdir 
o ftp mls 

o ftp mput 
o ftp open 

o ftp prompt 
o ftp put 

o ftp pwd 

o ftp quit 

o ftp quote 
o ftp recv 

o ftp remotehelp 
o ftp rename 
o ftp rmdir 
o ftp send 

o ftp status 
o ftp trace 

o ftp type 

o ftp user 

o ftp verbose 
o ftp mdelete 
o ftp mdir 
ftype 
fveupdate 


getmac 
gettype 
goto 
gpfixup 
gpresult 
gpt 
gpupdate 
graftabl 


help 
helpctr 


hostname 


icacls 
if 


import (shadowdisk) 
import (diskpart) 
inactive 

inuse 

ipconfig 

ipxroute 


irftp 


jetpack 


klist 

ksetup 

o ksetup addenctypeattr 

o ksetup addhosttorealmmap 
o ksetup addkdc 

o ksetup addkpasswd 

o ksetup addrealmflags 

o ksetup changepassword 
o ksetup delenctypeattr 

o ksetup delhosttorealmmap 
o ksetup delkdc 

o ksetup delkpasswd 

o ksetup delrealmflags 

o ksetup domain 

o ksetup dumpstate 

o ksetup getenctypeattr 

o ksetup listrealmflags 

o ksetup mapuser 

o ksetup removerealm 

o ksetup server 

o ksetup setcomputerpassword 
o ksetup setenctypeattr 

o ksetup setrealm 

o ksetup setrealmflags 
ktmutil 

ktpass 


label 

list 

o list providers 
o list shadows 
o list writers 
load metadata 
lodctr 


logman 


o logman create 

o logman create alert 

© logman create api 

© logman create cfg 

o logman create counter 

o logman create trace 

o logman delete 

o logman import and logman export 
o logman query 

o logman start and logman stop 
o logman update 

o logman update alert 

o logman update api 

o logman update cfg 

o logman update counter 

o logman update trace 

logoff 

lpq 

lpr 


macfile 

makecab 

manage bde 

© manage bde status 

© manage bde on 

o manage bde off 

o manage bde pause 

o manage bde resume 

o manage bde lock 

o manage bde unlock 

o manage bde autounlock 

o manage bde protectors 

o manage bde tpm 

o manage bde setidentifier 

o manage bde forcerecovery 
o manage bde changepassword 
o manage bde changepin 

o manage bde changekey 

o manage bde keypackage 

o manage bde upgrade 

o manage bde wipefreespace 
mapadmin 

md 

merge vdisk 

mkdir 

mklink 


mmc 
mode 
more 
mount 
mountvol 
move 
maqbkup 
mqasvc 
mqatgsvc 
msdt 
msg 
msiexec 
msinfo32 


mstsc 


nbtstat 

netcfg 

net print 

netsh 

netstat 

nfsadmin 

nfsshare 

nfsstat 

nlbmgr 

nslookup 

© nslookup exit Command 
o nslookup finger Command 
o nslookup help 

o nslookup Is 

o nslookup Iserver 

o nslookup root 

o nslookup server 

o nslookup set 

o nslookup set all 

o nslookup set class 

o nslookup set d2 

o nslookup set debug 

o nslookup set domain 

o nslookup set port 

o nslookup set querytype 
o nslookup set recurse 

o nslookup set retry 

o nslookup set root 

o nslookup set search 

o nslookup set srchlist 


o nslookup set timeout 


© nslookup set type 
o nslookup set vc 

o nslookup view 
ntbackup 
ntcmdprompt 


ntfrsutl 


offline 

o offline disk 

o offline volume 
online 

o online disk 

o online volume 


openfiles 


pagefileconfig 
path 

pathping 
pause 
pbadmin 
pentnt 
perfmon 

ping 
pnpunattend 
pnputil 

popd 
powershell 
powershell ise 
print 

prncnfg 
prndrvr 
prnjobs 
prnmngr 
prnport 
prnqactl 
prompt 
pubprn 

pushd 
pushprinterconnections 


pwlauncher 


qappsrv 
qprocess 

query 

© query process 


© query session 

o query termserver 
© query user 

quser 


qwinsta 


rcp 
rd 

rdpsign 

recover 

recover disk group 
refsutil 

reg 

© reg add 

o reg compare 
o reg copy 

o reg delete 

o reg export 
© reg import 
o reg load 

o reg query 

o reg restore 
o reg save 

© reg unload 
regini 

regsvr32 

relog 

rem 

remove 

ren 

rename 

repair 

o repair bde 
replace 

rescan 

reset 

© reset session 
retain 

revert 

rexec 

risetup 

rmdir 
robocopy 

route ws2008 
rpcinfo 


rpcping 


rsh 
rundll32 
rundll32 printui 


rwinsta 


san 
sc config 

sc create 

sc delete 

sc query 

schtasks 

scwcmd 

© scwcmd analyze 

© scwcmd configure 

© scwcmd register 

© scwcmd rollback 

© scwcmd transform 

© scwcmd view 

secedit 

o secedit analyze 

o secedit configure 

o secedit export 

o secedit generaterollback 
o secedit import 


secedit validate 


Oo 


select 

o select disk 

o select partition 
o select vdisk 

o select volume 
serverceipoptin 
servermanagercmd 
serverweroptin 

set environmental variables 
set shadow copy 

o set context 

o setid 

o setlocal 

o set metadata 

© set option 

o set verbose 
setx 

sfc 

shadow 

shift 


showmount 


shrink 

shutdown 

simulate restore 

sort 

start 

subcommand set device 
subcommand set drivergroup 
subcommand set drivergroupfilter 
subcommand set driverpackage 
subcommand set image 
subcommand set imagegroup 
subcommand set server 
subcommand set transportserver 
subcommand set multicasttransmission 
subcommand start namespace 
subcommand start server 
subcommand start transportserver 
subcommand stop server 
subcommand stop transportserver 
subst 

sxstrace 

sysocmgr 


systeminfo 


takeown 
tapicfg 

taskkill 

tasklist 
tcmsetup 
telnet 

© telnet close 
o telnet display 
© telnet open 
o telnet quit 
o telnet send 
© telnet set 

o telnet status 
o telnet unset 
tftp 

time 

timeout 

title 

tIntadmn 
tpmtool 
tpmvscmgr 


tracerpt 


tracert 
tree 
tscon 
tsdiscon 
tsecimp 
tskill 
tsprof 
type 
typeperf 
tzutil 


unexpose 
uniqueid 


unlodctr 


ver 
verifier 

verify 

vol 

vssadmin 

o vssadmin delete shadows 
o vssadmin list shadows 

o vssadmin list writers 


o vssadmin resize shadowstorage 


waitfor 

wbadmin 

© wbadmin delete catalog 

o wbadmin delete systemstatebackup 
o wbadmin disable backup 

o wbadmin enable backup 

o wbadmin get disks 

o wbadmin get items 

o wbadmin get status 

o wbadmin get versions 

o wbadmin restore catalog 

o wbadmin start backup 

o wbadmin start recovery 

o wbadmin start sysrecovery 

o wbadmin start systemstatebackup 
o wbadmin start systemstaterecovery 
o wbadmin stop job 

wdsutil 

wecutil 


wevtutil 


where 

whoami 

winnt 

winnt32 
winpop 

winrs 

winsat mem 
winsat mfmedia 
wmic 

writer 


wscript 


xcopy 


Command- 
line syntax 
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The following table describes 
the notation used to indicate 
command-line syntax. 


NOTATION DESCRIPTION 
Text without Items you 
brackets or must type as 
braces shown. 
«Text Placeholder 
incide for which you 
angle | 
brackets> must supply a 
value. 
[Text Optional 
inside items. 
square 
brackets] 
{Text Set of required 
inside items. You 
braces} 
must choose 
one. 
Vertical bar Separator for 
(|) mutually 
exclusive 
items. You 
must choose 
one. 
Ellipsis (...) Items that can 
be repeated 
and used 


multiple times. 


Commands by Server role 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


A server role describes the primary function of the server. Administrators can choose to dedicate an entire server to 
one role, or install multiple server roles and sub-roles on a single computer. Each role might include additional 


command-line tools, installed as part of the role. The following topics provide a list of commands associated with 
each server role. 


e Print Command Reference 
e Services for Network File System Command Reference 
e Remote Desktop Services (Terminal Services) Command Reference 


e Windows Server Backup Command Reference 


Print command-line tool reference 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 


Information and links to each of the associated print command-line tools: 


COMMAND 


Ipq 


lpr 


Net print 


print 


prncnfg 


prndrvr 


prnjobs 


prnmngr 


prnport 


prnqctl 


pubprn 


rundll32 printui.dll,printUlEntry 


DESCRIPTION 


Displays the status of a print queue on a computer running 
Line printer Daemon (LPD). 


Sends a file to a computer or printer sharing device running 
the Line printer Daemon (LPD) service in preparation for 
printing. 


Displays information about a specified printer queue, displays 
information about a specified print job, or controls a specified 
print job. 


Sends a text file to a printer. 


Configures or displays configuration information about a 
printer. 


Adds, deletes, and lists printer drivers. 


Pauses, resumes, cancels, and lists print jobs. 


Adds, deletes, and lists printers or printer connections, in 
addition to setting and displaying the default printer. 


Creates, deletes, and lists standard TCP/IP printer ports, in 
addition to displaying and changing port configuration. 


Prints a test page, pauses or resumes a printer, and clears a 
printer queue. 


Publishes a printer to the active directory directory service. 


Enables you to automate the installation and configuration of 
printers using scripts or the command prompt. 


Services for Network File System command-line tools 
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Services for Network File System (NFS) provides a file sharing solution that lets you transfer files between 
computers running Windows Server and UNIX operating systems using the NFS protocol. 


Information and links to each of the associated NFS command-line tools: 
COMMAND DESCRIPTION 


mapadmin Manage User Name Mapping for Microsoft Services for 
Network File System. 


mount Mount Network File System (NFS) network shares. 
nfsadmin Manage Server for NFS and Client for NFS. 

nfsshare Control Network File System (NFS) shares. 

nfsstat Display or reset counts of calls made to Server for NFS. 
rpcinfo List programs on remote computers. 

showmount Display mounted directories. 


Additional References 


e Command-Line Syntax Key 


Remote Desktop Services (Terminal Services) 


command-line tools reference 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, 


Windows Server 2012 R2, Windows Server 2012 


Learn about the available Remote Desktop Services (Terminal Services) command-line tools, with descriptions 


and links for more detailed information. 





NOTE 


To find out what's new in the latest version, see What's New in Remote Desktop Services in Windows Server. 





COMMAND 


change 


change logon 


change port 


change user 


chglogon 


chgport 


chgusr 


flattemp 


logoff 


msg 


mstsc 


DESCRIPTION 


Changes the Remote Desktop Session Host server settings 
for sign in, COM port mappings, and install mode. 


Enables or disables logons from client sessions on an 
Remote Desktop Session Host server, or displays current 
logon status. 


Lists or changes the COM port mappings to be compatible 
with MS-DOS applications. 


Changes the install mode for the Remote Desktop Session 
Host server. 


Enables or disables logons from client sessions on an 
Remote Desktop Session Host server, or displays current 
logon status. 


Lists or changes the COM port mappings to be compatible 
with MS-DOS applications. 


Changes the install mode for the Remote Desktop Session 
Host server. 


Enables or disables flat temporary folders. 


Signs out a user from a session on an Remote Desktop 
Session Host server and deletes the session from the server. 


Sends a message to a user on an Remote Desktop Session 
Host server. 


Creates connections to Remote Desktop Session Host 
servers or other remote computers. 





COMMAND 


gappsrv 


qprocess 


query 


query process 


query session 


query termserver 


query user 


quser 


qwinsta 


rdpsign 


reset session 


rwinsta 


shadow 


tscon 


tsdiscon 


tskill 


tsprof 


Additional References 


DESCRIPTION 


Displays a list of all Remote Desktop Session Host servers on 
the network. 


Displays information about processes that are running on an 
Remote Desktop Session Host server. 


Displays information about processes, sessions, and Remote 
Desktop Session Host servers. 


Displays information about processes that are running on an 
Remote Desktop Session Host server. 


Displays information about sessions on an Remote Desktop 
Session Host server. 


Displays a list of all Remote Desktop Session Host servers on 
the network. 


Displays information about user sessions on an Remote 
Desktop Session Host server. 


Displays information about user sessions on an Remote 
Desktop Session Host server. 


Displays information about sessions on an Remote Desktop 
Session Host server. 


Enables you to digitally sign a Remote Desktop Protocol 
(.rdp) file. 


Enables you to reset (delete) a session on an Remote 
Desktop Session Host server. 


Enables you to reset (delete) a session on an Remote 
Desktop Session Host server. 


Enables you to remotely control an active session of another 
user on an Remote Desktop Session Host server. 


Connects to another session on an Remote Desktop Session 
Host server. 


Disconnects a session from an Remote Desktop Session Host 
server. 


Ends a process running in a session on an Remote Desktop 
Session Host server. 


Copies the Remote Desktop Services user configuration 
information from one user to another. 


e Command-Line Syntax Key 


Windows Server Backup Command Reference 
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The following subcommands for wbadmin provide backup and recovery functionality from a command prompt. 


To configure a backup schedule, you must be a member of the Administrators group. To perform all other tasks 
with this command, you must be a member of the Backup Operators or the Administrators group, or you must 
have been delegated the appropriate permissions. 


You must run wbadmin from an elevated command prompt. (To open an elevated command prompt, click Start, 
right-click Command Prompt, and then click Run as administrator.) 


SUBCOMMAND 


Wbadmin enable backup 


Wbadmin disable backup 


Wbadmin start backup 


Wbadmin stop job 


Wbadmin get versions 


Wbadmin get items 


Wbadmin start recovery 


Wbadmin get status 


Wbadmin get disks 


Wbadmin start systemstaterecovery 


Wbadmin start systemstatebackup 


Wbadmin delete systemstatebackup 


Wbadmin start sysrecovery 


Wbadmin restore catalog 


DESCRIPTION 


Configures and enables a daily backup schedule. 


Disables your daily backups. 


Runs a one-time backup. If used with no parameters, uses the 
settings from the daily backup schedule. 


Stops the currently running backup or recovery operation. 


Lists details of backups recoverable from the local computer 
or, if another location is specified, from another computer. 


Lists the items included in a specific backup. 


Runs a recovery of the volumes, applications, files, or folders 
specified. 


Shows the status of the currently running backup or recovery 
operation. 


Lists disks that are currently online. 


Runs a system state recovery. 


Runs a system state backup. 


Deletes one or more system state backups. 


Runs a recovery of the full system (at least all the volumes 
that contain the operating system's state). This subcommand 
is only available if you are using the Windows Recovery 
Environment. 


Recovers a backup catalog from a specified storage location in 
the case where the backup catalog on the local computer has 
been corrupted. 


SUBCOMMAND 


Wbadmin delete catalog 


DESCRIPTION 


Deletes the backup catalog on the local computer. Use this 
command only if the backup catalog on this computer is 
corrupted and you have no backups stored at another 
location that you can use to restore the catalog. 


active 
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On basic disks, marks the partition with focus as active. Only partitions can be marked as active. A partition must 
be selected for this operation to succeed. Use the select partition command to select a partition and shift the 
focus to it. 


Caution 

DiskPart only informs the basic input/output system (BIOS) or Extensible Firmware Interface (EFI) that the partition 
or volume is a valid system partition or system volume, and is capable of containing the operating system startup 
files. DiskPart does not check the contents of the partition. If you mistakenly mark a partition as active and it does 
not contain the operating system startup files, your computer might not start. 


Syntax 


active 


Examples 


To mark the partition with focus as the active partition, type: 


active 


Additional References 
e Command-Line Syntax Key 


e select partition command 


add 
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Adds volumes to the set of volumes that are to be shadow copied, or adds aliases to the alias environment. If used 
without subcommands, add lists the current volumes and aliases. 


NOTE 


Aliases are not added to the alias environment until the shadow copy is created. Aliases that you need immediately should 
be added by using add alias. 





Syntax 


add 
add volume <volume> [provider <providerid>] 
add alias <aliasname> <aliasvalue> 


Parameters 
PARAMETER DESCRIPTION 
volume Adds a volume to the Shadow Copy Set, which is the set of 
volumes to be shadow copied. See add volume for syntax and 
parameters. 
alias Adds the given name and value to the alias environment. See 
add alias for syntax and parameters. 
R Displays help at the command line. 
Examples 


To display the volumes added and the aliases that are currently in the environment, type: 


add 


The following output shows that drive C has been added to the Shadow Copy Set: 


Volume c: alias System1 GUID \\?\Wolume{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}\ 
1 volume in Shadow Copy Set. 
No Diskshadow aliases in the environment. 


Additional References 


e Command-Line Syntax Key 


add alias 
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Adds aliases to the alias environment. If used without parameters, add alias displays help at the command 
prompt. Aliases are saved in the metadata file and will be loaded with the load metadata command. 


Syntax 


add alias <aliasname> <aliasvalue> 


Parameters 


PARAMETER 


<aliasname> 


<aliasvalue> 


Examples 


To list all shadows, including their aliases, type: 


list shadows all 


DESCRIPTION 


Specifies the name of the alias. 


Specifies the value of the alias. 


Displays help at the command prompt. 


The following excerpt shows a shadow copy to which the default alias, VSS_SHADOW x, has been assigned: 


* Shadow Copy ID = (ff47165a-1946-4aØc-b7f4-80f46a309278) 


%VSS_SHADOW_1% 


To assign a new alias with the name System7 to this shadow copy, type: 


add alias Systemi %VSS SHADOW 1% 


Alternatively, you can assign the alias by using the shadow copy ID: 


add alias Systeml (ff47165a-1946-4aØc-b7f4-80f46a309278) 


Additional References 


e Command-Line Syntax Key 


e load metadata command 


add volume 
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Adds volumes to the Shadow Copy Set, which is the set of volumes to be shadow copied. When a shadow copy is 
created, an environment variable links the alias to the shadow ID, so the alias can then be used for scripting. 


Volumes are added one at a time. Each time a volume is added, it's checked to make sure VSS supports shadow 
copy creation for that volume. This check can be invalidated by later use of the set context command. 


This command is necessary to create shadow copies. If used without parameters, add volume displays help at the 


command prompt. 


Syntax 


add volume <volume> [provider <providerid>] 


Parameters 
PARAMETER DESCRIPTION 
<volume> Specifies a volume to add to the Shadow Copy Set. At least 
one volume is required for shadow copy creation. 
[provider \<providerid>] Specifies the Provider ID for a registered provider to use to 
create the shadow copy. If provider is not specified, the 
default provider is used. 
Examples 


To view the current list of registered providers, at the diskshadow> prompt, type: 
list providers 
The following output displays a single provider, which will be used by default: 


* ProviderID: {b5946137-7b9f-4925-af80-51abd60b20d5} 
Type: [1] VSS PROV SYSTEM 
Name: Microsoft Software Shadow Copy provider 1.0 
Version: 1.0.0.7 
CLSID: (65eeldba-8ff4-4a58-ac1c-347Øee2f376a) 

1 provider registered. 


To add drive C: to the Shadow Copy Set and assign an alias named System 1, type: 


add volume c: alias System1 


Additional References 


e Command-Line Syntax Key 


e set context command 


append 
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Allows programs to open data files in specified directories as if they were in the current directory. If used without 
parameters, append displays the appended directory list. 





NOTE 


This command not supported in Windows 10. 





Syntax 


append [[<drive>:]<path>[;...]] [/x[:on|:off]] [/path:[:on]:off] [/e] 


append ; 
Parameters 
PARAMETER DESCRIPTION 
[\<drive>:]<path> Specifies a drive and directory to append. 

/xon Applies appended directories to file searches and launching 
applications. 

/xoff Applies appended directories only to requests to open files. 
The /x:off option is the default setting. 

/path:on Applies appended directories to file requests that already 
specify a path. /path:on is the default setting. 

/path:off Turns off the effect of /path:on. 

/e Stores a copy of the appended directory list in an environment 
variable named APPEND. /e may be used only the first time 
you use append after starting your system. 

; Clears the appended directory list. 

/? Displays help at the command prompt. 

Examples 


To clear the appended directory list, type: 


append ; 


To store a copy of the appended directory to an environment variable named append, type: 


append /e 


Additional References 


e Command-Line Syntax Key 


arp 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Displays and modifies entries in the Address Resolution Protocol (ARP) cache. The ARP cache contains one or more 
tables that are used to store IP addresses and their resolved Ethernet or Token Ring physical addresses. There is a 
separate table for each Ethernet or Token Ring network adapter installed on your computer. Used without 
parameters, arp displays help information. 


Syntax 


arp [/a [<inetaddr>] [/n <ifaceaddr>]] [/g [<inetaddr>] [-n <ifaceaddr>]] [/d <inetaddr> [<ifaceaddr>]] [/s 
<inetaddr> <etheraddr> [<ifaceaddr>]] 


Parameters 


PARAMETER DESCRIPTION 


[/a [<inetaddr>] [/n <ifaceaddr>] Displays current arp cache tables for all interfaces. The /n 
parameter is case-sensitive. To display the arp cache entry for 
a specific IP address, use arp /a with the inetaddr parameter, 
where inetaddr is an IP address. If inetaddr is not specified, 
the first applicable interface is used. To display the arp cache 
table for a specific interface, use the /n ifaceaddr parameter 
in conjunction with the /a parameter where inetaddr is the IP 
address assigned to the interface. 


[/g [<inetaddr>] [/n <ifaceaddr>] Identical to /a. 


[/d <inetaddr> [<ifaceaddr>] Deletes an entry with a specific IP address, where inetaddr is 
the IP address. To delete an entry in a table for a specific 
interface, use the ifaceaddr parameter where ifaceaddr is 
the IP address assigned to the interface. To delete all entries, 
use the asterisk (*) wildcard character in place of inetaddr. 


[/s <inetaddr> <etheraddr> [<ifaceaddr>] Adds a static entry to the arp cache that resolves the IP 
address inetaddr to the physical address etheraddr. To add 
a static arp cache entry to the table for a specific interface, use 
the ifaceaddr parameter where ifaceaddr is an IP address 
assigned to the interface. 


/? Displays help at the command prompt. 
Remarks 


e The IP addresses for inetaddr and ifaceaddr are expressed in dotted decimal notation. 


e The physical address for etheraddr consists of six bytes expressed in hexadecimal notation and separated 
by hyphens (for example, 00-AA-00-4F-2A-9C). 


e Entries added with the /s parameter are static and do not time out of the arp cache. The entries are removed 


if the TCP/IP protocol is stopped and started. To create permanent static arp cache entries, place the 
appropriate arp commands in a batch file and use Scheduled Tasks to run the batch file at startup. 


Examples 


To display the arp cache tables for all interfaces, type: 
arp /a 

To display the arp cache table for the interface that is assigned the IP address 70.0.0.99, type: 
arp /a /n 10.0.0.99 


To add a static arp cache entry that resolves the IP address 70.0.0.80 to the physical address 00-AA-00-4F-2A-9C, 
type: 


arp /S 10.0.0.8@ @0-AA-00-4F-2A-9C 


Additional References 


e Command-Line Syntax Key 


assign 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 


Assigns a drive letter or mount point to the volume with focus. You can also use this command to change the drive 


letter associated with a removable drive. If no drive letter or mount point is specified, the next available drive letter 


is assigned. If the drive letter or mount point is already in use, an error is generated. 


A volume must be selected for this operation to succeed. Use the select volume command to select a volume and 
shift the focus to it. 





IMPORTANT 


You can't assign drive letters to system volumes, boot volumes, or volumes that contain the paging file. In addition, you 


cannot assign a drive letter to an Original Equipment Manufacturer (OEM) partition or any GUID Partition Table (gpt) 


partition other than a basic data partition. 





Syntax 


assign [{letter=<d> | mount=<path>}] [noerr] 


Parameters 


PARAMETER 


letter=<d> 


mount=<path> 


noerr 


Examples 


To assign the letter E to the volume in focus, type: 


assign letter=e 


Additional References 


e Command-Line Syntax Key 


DESCRIPTION 


The drive letter you want to assign to the volume. 


The mount point path you want to assign to the volume. For 
instructions about how to use this command, see Assign a 
mount point folder path to a drive. 


For scripting only. When an error is encountered, DiskPart 
continues to process commands as if the error did not occur. 
Without this parameter, an error causes DiskPart to exit with 
an error code. 


e select volume command 


ASSOC 
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Displays or modifies file name extension associations. If used without parameters, assoc displays a list of all the 
current file name extension associations. 





NOTE 


This command is only supported within cmd.exe and is not available from PowerShell. Though you can use cmd /c assoc as 


a workaround. 





Syntax 


assoc [<.ext>[=[<filetype>]]] 


Parameters 
PARAMETER DESCRIPTION 
<.ext> Specifies the file name extension. 
<filetype> Specifies the file type to associate with the specified file name 
extension. 
/? Displays help at the command prompt. 
Remarks 


e To remove the file type association for a file name extension, add a white space after the equal sign by 
pressing the SPACEBAR. 


e To view current file types that have open command strings defined, use the ftype command. 


e To redirect the output of assoc to a text file, use the > redirection operator. 


Examples 


To view the current file type association for the file name extension txt, type: 
assoc .txt 
To remove the file type association for the file name extension .bak, type: 


assoc .bak= 





NOTE 


Make sure you add a space after the equal sign. 





To view the output of assoc one screen at a time, type: 
assoc more 
To send the output of assoc to the file assoc.txt, type: 


assoc>assoc.txt 


Additional References 
e Command-Line Syntax Key 


e ftype command 


at 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 


Schedules commands and programs to run on a computer at a specified time and date. You can use at only when 


the Schedule service is running. Used without parameters, at lists scheduled commands. You must be a member of 


the local Administrators group to run this command. 


Syntax 


at [\computername] [[id] [/delete] | /delete [/yes]] 


at [\computername] <time> [/interactive] [/every:date[,. 


Parameters 


PARAMETER 


\<computername\> 


<id> 


/delete 


/yes 


<time> 


interactive 


every: 


<date> 


+.] | /next:date[,...]] <command> 


DESCRIPTION 


Specifies a remote computer. If you omit this parameter, at 
schedules the commands and programs on the local 
computer. 


Specifies the identification number assigned to a scheduled 
command. 


Cancels a scheduled command. If you omit /D, all of the 
scheduled commands on the computer are canceled. 


Answers yes to all queries from the system when you delete 
scheduled events. 


Specifies the time when you want to run the command. time is 
expressed as Hours:Minutes in 24-hour notation (that is, 
00:00 (midnight) through 23:59). 


Allows command to interact with the desktop of the user who 
is logged on at the time Command runs. 


Runs command on every specified day or days of the week or 
month (for example, every Thursday, or the third day of every 
month). 


Specifies the date when you want to run the command. You 
can specify one or more days of the week (that is, type 
M,TW,Th,F,S,Su) or one or more days of the month (that is, 
type 1 through 31). Separate multiple date entries with 
commas. If you omit date at uses the current day of the 
month. 


PARAMETER 


next: 


<command> 


[£ 


Remarks 


DESCRIPTION 


Runs command on the next occurrence of the day (for 
example, next Thursday). 


Specifies the Windows command, program (that is, .exe or 
.com file), or batch program (that is, .bat or .cmd file) that you 
want to run. When the command requires a path as an 
argument, use the absolute path (that is, the entire path 
beginning with the drive letter). If the command is on a 
remote computer, specify Universal Naming Convention (UNC) 
notation for the server and share name, rather than a remote 
drive letter. 


Displays help at the command prompt. 


e This command doesn't automatically load cmd.exe before running commands. If you're not running an 


executable (.exe) file, you must explicitly load cmd.exe at the beginning of the command as follows: 


cmd /c dir > c:\test.out 


e |f using this command without command-line options, scheduled tasks appear in a table formatted similar 


to the following: 


Status ID Day 


OK 1 Each F 
OK 2 Each M 
OK 3 Each F 


time 

4:30 PM 
12:00 AM 
11:59 PM 


Command Line 

net send group leads status due 
chkstor > check.file 
backup2.bat 


e If including an identification number (/D) with this command, only information for a single entry appears in 


a format similar to the following: 


Task ID: 1 
Status: OK 
Schedule: Each F 


Time of Day: 4:30 PM 


Command: net send group leads status due 


e After you schedule a command, especially a command that has command-line options, check that the 


command syntax is correct by typing at without any command-line options. If the information in the 


Command Line column is wrong, delete the command and retype it. If it's still incorrect, retype the 


command using fewer command-line options. 


e Commands scheduled with at run as background processes. Output is not displayed on the computer 


screen. To redirect output to a file, use the redirection symbol > . If you redirect output to a file, you need to 


use the escape symbol * before the redirection symbol, whether you are using at at the command line or 


in a batch file. For example, to redirect output to output txt, type: 


at 14:45 c:\test.bat *>c:\output.txt 


The current directory for the executing command is the systemroot folder. 


e If you change the system time after you schedule a command to run, synchronize the at scheduler with the 


revised system time by typing at without command-line options. 


e Scheduled commands are stored in the registry. As a result, you don't lose scheduled tasks if you restart the 
Schedule service. 


e Do not use a redirected drive for scheduled jobs that access the network. The Schedule service might not be 
able to access the redirected drive, or the redirected drive might not be present if a different user is logged 
on at the time the scheduled task runs. Instead, use UNC paths for scheduled jobs. For example: 


at 1:00pm my_backup \\server\share 


Do not use the following syntax, where x: is a connection made by the user: 


at 1:00pm my_backup x: 


If you schedule an at command that uses a drive letter to connect to a shared directory, include an at 
command to disconnect the drive when you are finished using the drive. If the drive is not disconnected, the 
assigned drive letter won't be available at the command prompt. 


e By default, tasks scheduled using this command will stop after 72 hours. You can modify the registry to 
change this default value. 


To modify the registry 


Caution 
Incorrectly editing the registry may severely damage your system. Before making changes to the registry, 
you should back up any valued data on the computer. 


1. Start the registry editor (regedit.exe). 


2. Locate and click the following key in the registry: 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule 


3. On the Edit menu, click Add Value, and then add the following registry values: 
o Value Name. atTaskMaxHours 
o Data type. reg DWOrd 
o Radix. Decimal 


o Value Data: 0. A value of 0 in the Value Data field indicates no limit and doesn't not stop. 
Values from 1 through 99 indicates the number of hours. 


e You can use the Scheduled Tasks folder to view or modify the settings of a task that was created by using 
this command. When you schedule a task using this command, the task is listed in the Scheduled Tasks 
folder, with a name such as the following:at3478. However, if you modify a task through the Scheduled 
Tasks folder, it's upgraded to a normal scheduled task. The task is no longer visible to the at command, and 
the at account setting no longer applies to it. You must explicitly enter a user account and password for the 
task. 


Examples 


To display a list of commands scheduled on the Marketing server, type: 


at \\marketing 


To learn more about a command with the identification number 3 on the Corp server, type: 
at \\corp 3 


To schedule a net share command to run on the Corp server at 8:00 A.M. and redirect the listing to the Maintenance 
server, in the Reports shared directory, and the Corp.txt file, type: 


at \\corp 08:00 cmd /c net share reports=d:\marketing\reports >> \\maintenance\reports\corp.txt 


To back up the hard drive of the Marketing server to a tape drive at midnight every five days, create a batch 
program called Archive.cmd, which contains the backup commands, and then schedule the batch program to run, 


type: 
at \\marketing 00:00 /every:5,10,15,20,25,30 archive 
To cancel all commands scheduled on the current server, clear the at schedule information as follows: 


at /delete 


To run a command that is not an executable (.exe) file, precede the command with cmd /c to load cmd.exe as 
follows: 


cmd /c dir > c:\test.out 


Additional References 


e Command-Line Syntax Key 


e schtasks. Another command-line scheduling tool. 


atmadm 


11/2/2020 * 3 minutes to read * Edit Online 





Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Monitors connections and addresses that are registered by the atM call Manager on an asynchronous transfer 
mode (atM) network. You can use atmadm to display statistics for incoming and outgoing calls on atM adapters. 
Used without parameters, atmadm displays statistics for monitoring the status of active atM connections. 


Syntax 


atmadm [/c][/a][/s] 


Parameters 
PARAMETER DESCRIPTION 
/c Displays call information for all current connections to the atM 
network adapter installed on this computer. 
/a Displays the registered atM network service access point 
(NSAP) address for each adapter installed in this computer. 
/s Displays statistics for monitoring the status of active atM 
connections. 
/? Displays help at the command prompt. 
Remarks 


e Theatmadm /c command produces output similar to the following: 


Windows atM call Manager Statistics 
atM Connections on Interface : [009] Olicom atM PCI 155 Adapter 
Connection VPI/VCI remote address/ 
Media Parameters (rates in bytes/sec) 
In PMP SVC 0/193 47000580FFE1000000F21A2E180020481A2E180B 
Tx:UBR,Peak Ø,Avg Ø,MaxSdu 1516 
Rx:UBR, Peak 16953936,Avg 16953936,MaxSdu 1516 
Out P-P SVC 0/192  4700Ø580FFE1900Ø0ØF21A2E180020481A2E18ØB 
TX:UBR, Peak 16953936,Avg 16953936,MaxSdu 1516 
Rx:UBR, Peak 16953936,Avg 16953936,MaxSdu 1516 
In PMP SVC 0/191 4700Ø580FFE19Ø00Ø0ØF21A2E180020481A2E18ØB 
Tx:UBR,Peak Ø,Avg Ø,MaxSdu 1516 
Rx :UBR, Peak 16953936,Avg 16953936,MaxSdu 1516 
Out P-P SVC 0/1990  4700Ø580FFE1900Ø0ØF21A2E180020481A2E18ØB 
TX:UBR, Peak 16953936,Avg 16953936,MaxSdu 1516 
Rx:UBR, Peak 16953936,Avg 16953936,MaxSdu 1516 
In P-P SVC 0/475 47000580FFE1Q00Q0000F 21A2E180000C110081501 
Tx:UBR,Peak 16953984,Avg 16953984,MaxSdu 9188 
Rx:UBR,Peak 16953936,Avg 16953936,MaxSdu 9188 
Out PMP SVC 0/194 47000580FFE100Q000F 21A2E180000C110081501 (0) 
Tx:UBR,Peak 16953984,Avg 16953984,MaxSdu 9180 
Rx:UBR,Peak @,Avg @,MaxSdu @ 
Out P-P SVC 0/474 4700918100000000613E5BFEQ10000C110081500 
Tx:UBR,Peak 16953984,Avg 16953984,MaxSdu 9188 
Rx:UBR,Peak 16953984,Avg 16953984,MaxSdu 9188 
In PMP SVC 0/195 47000580FFE1000000F 21A2E180000C110081500 
Tx:UBR, Peak Ø,Avg Ø,MaxSdu @ 
Rx :UBR, Peak 16953936,Avg 16953936,MaxSdu 9189 


The following table contains descriptions of each element in the atmadm /c sample output. 
TYPE OF DATA SCREEN DISPLAY DESCRIPTION 


Connection Information In/Out Direction of the call. In is to the atM 
network adapter from another 
device. Out is from the atM network 
adapter to another device. 


PMP Point-to-multipoint call. 
P-P Point-to-point call. 
SVC Connection is on a switched virtual 
circuit. 
PVC Connection is on a permanent virtual 
circuit. 
VPI/VCI Information VPI/VCI Virtual path and virtual channel of 
the incoming or outgoing call. 
Remote address/Media Parameters 47000580FFE1000000F21A2E18000 NSAP address of the calling (In) or 


0C110081500 called (Out) atM device. 


TYPE OF DATA 


Tx 


SCREEN DISPLAY DESCRIPTION 


The Tx parameter includes the 

following three elements: 

e Default or specified bit-rate 
type (UBR, CBR, VBR, or ABR) 

e Default or specified line speed 


e Specified service data unit 
(SDU) size. 


The Rx parameter includes the 

following three elements: 

© Default or specified bit-rate 
type (UBR, CBR, VBR, or ABR) 

© Default or specified line speed 

e Specified SDU size. 


e Theatmadm /a command produces output similar to the following: 


Windows atM call Manager Statistics 
atM addresses for Interface : [009] 


Olicom atM PCI 155 Adapter 


47000580FFE1900000F21A2E180000C110081509 


e Theatmadm /s command produces output similar to the following: 


Windows atM call Manager Statistics 


atM call Manager statistics for Interface : [009] Olicom atM PCI 155 Adapter 


Current active calls 

Total successful Incoming calls 
Total successful Outgoing calls 
Unsuccessful Incoming calls 
Unsuccessful Outgoing calls 

calls Closed by remote 

calls Closed Locally 

Signaling and ILMI Packets Sent 
Signaling and ILMI Packets Received 


=4 
= 1332 
= 1297 
1 

1 
1302 
1323 
33655 
= 34989 


I 


Il 


Il 


I 


II 


The following table contains descriptions of each element in the atmadm /s sample output. 


CALL MANAGER STATISTIC 


Current active calls 


Total successful Incoming calls 


Total successful Outgoing calls 


Unsuccessful Incoming calls 


Unsuccessful Outgoing calls 


DESCRIPTION 


Calls currently active on the atM adapter installed on this 
computer. 


Calls successfully received from other devices on this atM 
network. 


Calls successfully completed to other atM devices on this 
network from this computer. 


Incoming calls that failed to connect to this computer. 


Outgoing calls that failed to connect to another device on 
the network. 


CALL MANAGER STATISTIC DESCRIPTION 


Calls Closed by remote Calls closed by a remote device on the network. 
Calls Closed Locally Calls closed by this computer. 
Signaling and ILMI Packets Sent Number of integrated local management interface (ILMI) 


packets sent to the switch to which this computer is 
attempting to connect. 


Signaling and ILMI Packets Received Number of ILMI packets received from the atM switch. 
Examples 
To display call information for all current connections to the atM network adapter installed on this computer, type: 
atmadm /c 


To display the registered atM network service access point (NSAP) address for each adapter installed in this 
computer, type: 


atmadm /a 
To display statistics for monitoring the status of active atM connections, type: 
atmadm /s 


Additional References 


e Command-Line Syntax Key 


attach vdisk 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Attaches (sometimes called mounts or surfaces) a virtual hard disk (VHD) so that it appears on the host computer 
as a local hard disk drive. If the VHD already has a disk partition and file system volume when you attach it, the 
volume inside the VHD is assigned a drive letter. 





IMPORTANT 


You must choose and detach a VHD for this operation to succeed. Use the select vdisk command to select a VHD and shift 
the focus to it. 





Syntax 


attach vdisk [readonly] { [sd=<SDDL>] | [usefilesd] } [noerr] 


Parameters 
PARAMETER DESCRIPTION 
readonly Attaches the VHD as read-only. Any write operation returns 


an error 


PARAMETER 


sd=<SDDL string> 


usefilesd 


noerr 


Examples 


To attach the selected VHD as read-only, type: 


attach vdisk readonly 


Additional References 


e Command-Line Syntax Key 


select vdisk 


e compact vdisk 


detail vdisk 


detach vdisk 


DESCRIPTION 


Sets the user filter on the VHD. The filter string must be in the 

Security Descriptor Definition Language (SDDL) format. By 

default the user filter allows access like on a physical disk. 

SDDL strings can be complex, but in its simplest form, a 

security descriptor that protects access is known as a 

discretionary access control list (DACL). It uses the form: 
D:<dacl flags><string acel><string ace2>.. 


«string acen> 


Common DACL flags are: 


e A. Allow access 
e D. Deny access 


Common rights are: 
© GA. All access 

e GR. Read access 

e GW. Write access 


Common user accounts are: 
e BA. Built in administrators 
e AU. Authenticated users 
e CO. Creator owner 

e WD. Everyone 


Examples: 

e D:P:(A;;GR;;;AU. Gives read-access to all 
authenticated users. 

e D:P:(A;;GA;;;WD. Gives everyone full access. 


Specifies that the security descriptor on the .vhd file should be 
used on the VHD. If the Usefilesd parameter is not specified, 
the VHD will not have an explicit security descriptor unless it 
is specified with the Sd parameter. 


Used for scripting only. When an error is encountered, 
DiskPart continues to process commands as if the error did 
not occur. Without this parameter, an error causes DiskPart to 
exit with an error code. 


e expand vdisk 
e merge vdisk 


e list 


attrib 
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Displays, sets, or removes attributes assigned to files or directories. If used without parameters, attrib displays 
attributes of all files in the current directory. 


Syntax 


attrib [{+|-}r] [{+|]-}a] [{+]-}s] [{+|-}h] [{+]-}i] [<drive>:][<path>][<filename>] [/s [/d] [/1]] 


Parameters 
PARAMETER DESCRIPTION 

{+|-}r Sets (+) or clears (-) the Read-only file attribute. 

{+\|-}a Sets (+) or clears (-) the Archive file attribute. This attribute 
set marks files that have changed since the last time they were 
backed up. Note that the xcopy command uses archive 
attributes. 

{+\|-}s Sets (+) or clears (-) the System file attribute. If a file uses this 
attribute set, you must clear the attribute before you can 
change any other attributes for the file. 

{+\|-}h Sets (+) or clears (-) the Hidden file attribute. If a file uses this 
attribute set, you must clear the attribute before you can 
change any other attributes for the file. 

{+\|-}i Sets (+) or clears (-) the Not Content Indexed file attribute. 

[<drive>: ][<path>][<filename>] Specifies the location and name of the directory, file, or group 
of files for which you want to display or change attributes. 
You can use the ? and * wildcard characters in the 
filename parameter to display or change the attributes for 
a group of files. 

/s Applies attrib and any command-line options to matching 
files in the current directory and all of its subdirectories. 
/d Applies attrib and any command-line options to directories. 
Å Applies attrib and any command-line options to the Symbolic 
Link, rather than the target of the Symbolic Link. 
/ Displays help at the command prompt. 
Examples 


To display the attributes of a file named News86 that is located in the current directory, type: 


attrib news86 


To assign the Read-only attribute to the file named report.txt, type: 
attrib +r report.txt 

To remove the Read-only attribute from files in the public directory and its subdirectories on a disk in drive b:, type: 
attrib -r b:\public\*.* /s 


To set the Archive attribute for all files on drive a:, and then clear the Archive attribute for files with the .bak 
extension, type: 


attrib +a a:*.* & attrib -a a:*.bak 
Additional References 


e Command-Line Syntax Key 


e xcopy command 


attributes 
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Displays, sets, or clears the attributes of a disk or volume. 


Syntax 





attributes disk 
attributes volume 











Parameters 
PARAMETER DESCRIPTION 
attributes disk Displays, sets, or clears the attributes of a disk. 
attributes volume Displays, sets, or clears the attributes of a volume. 


Additional References 


e Command-Line Syntax Key 


attributes disk 
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Displays, sets, or clears the attributes of a disk. When this command is used to display the current attributes of a 
disk, the startup disk attribute denotes the disk used to start the computer. For a dynamic mirror, it displays the 
disk that contains the boot plex of the boot volume. 





IMPORTANT 


A disk must be selected for the attributes disk command to succeed. Use the select disk command to select a disk and 
shift the focus to it. 





Syntax 


attributes disk [{set | clear}] [readonly] [noerr] 


Parameters 
PARAMETER DESCRIPTION 
set Sets the specified attribute of the disk with focus. 
clear Clears the specified attribute of the disk with focus. 
readonly Specifies that the disk is read-only. 
noerr For scripting only. When an error is encountered, DiskPart 
continues to process commands as if the error did not occur. 
Without this parameter, an error causes DiskPart to exit with 
an error code. 
Examples 


To view the attributes of the selected disk, type: 
attributes disk 
To set the selected disk as read-only, type: 


attributes disk set readonly 
Additional References 


e Command-Line Syntax Key 


e select disk command 


attributes volume 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Displays, sets, or clears the attributes of a volume. 


Syntax 


attributes volume [{set | clear}] [{hidden | readonly | nodefaultdriveletter | shadowcopy)] [noerr] 


Parameters 
PARAMETER DESCRIPTION 
set Sets the specified attribute of the volume with focus. 
clear Clears the specified attribute of the volume with focus. 
readonly Specifies that the volume is read-only. 
hidden Specifies that the volume is hidden. 
nodefaultdriveletter Specifies that the volume does not receive a drive letter by 
default. 
shadowcopy Specifies that the volume is a shadow copy volume. 
noerr For scripting only. When an error is encountered, DiskPart 
continues to process commands as if the error did not occur. 
Without this parameter, an error causes DiskPart to exit with 
an error code. 
Remarks 


e On basic master boot record (MBR) disks, the hidden, readonly, and nodefaultdriveletter parameters 
apply to all volumes on the disk. 


e On basic GUID partition table (GPT) disks, and on dynamic MBR and gpt disks, the hidden, readonly, and 
nodefaultdriveletter parameters apply only to the selected volume. 


e Avolume must be selected for the attributes volume command to succeed. Use the select volume 
command to select a volume and shift the focus to it. 


Examples 


To display the current attributes on the selected volume, type: 


attributes volume 


To set the selected volume as hidden and read-only, type: 
attributes volume set hidden readonly 


To remove the hidden and read-only attributes on the selected volume, type: 


attributes volume clear hidden readonly 


Additional References 
e Command-Line Syntax Key 


e select volume command 


auditpol 
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Displays information about and performs functions to manipulate audit policies, including: 
e Setting and querying a system audit policy. 


e Setting and querying a per-user audit policy. 


Setting and querying auditing options. 


Setting and querying the security descriptor used to delegate access to an audit policy. 


e Reporting or backing up an audit policy to a comma-separated value (CSV) text file. 


Loading an audit policy from a CSV text file. 


Configuring global resource SACLs. 


Syntax 


auditpol command [<sub-command><options> ] 


Parameters 

SUB-COMMAND DESCRIPTION 

/get Displays the current audit policy. For more information, see 
auditpol get for syntax and options. 

/set Sets the audit policy. For more information, see auditpol set 
for syntax and options. 

list Displays selectable policy elements. For more information, see 
auditpol list for syntax and options. 

/backup Saves the audit policy to a file. For more information, see 
auditpol backup for syntax and options. 

/restore Restores the audit policy from a file that was previously 
created by using auditpol /backup. For more information, see 
auditpol restore for syntax and options. 

/clear Clears the audit policy. For more information, see auditpol 
clear for syntax and options. 

/remove Removes all per-user audit policy settings and disables all 
system audit policy settings. For more information, see 
auditpol remove for syntax and options. 

/resourceSACL Configures global resource system access control lists (SACLs). 


Note: Applies only to Windows 7 and Windows Server 2008 
R2. For more information, see auditpol resourceSACL. 


SUB-COMMAND DESCRIPTION 


/? Displays help at the command prompt. 


Additional References 


e Command-Line Syntax Key 


auditpol backup 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Backs up system audit policy settings, per-user audit policy settings for all users, and all auditing options to a 
comma-separated value (CSV) text file. 


To perform backup operations on the per-user and system policies, you must have Write or Full Control 
permission for that object set in the security descriptor. You can also perform backup operations if you have the 
Manage auditing and security log (SeSecurityPrivilege) user right. However, this right allows additional access 
that is not necessary to perform the overall backup operations. 


Syntax 


auditpol /backup /file:<filename> 


Parameters 
PARAMETER DESCRIPTION 
/file Specifies the name of the file to which the audit policy will be 
backed up. 
R Displays help at the command prompt. 
Examples 


To back up per-user audit policy settings for all users, system audit policy settings, and all auditing options into a 
CSV-formatted text file named auditpolicy.csv, type: 


auditpol /backup /file:C:\auditpolicy.csv 





NOTE 


If no drive is specified, the current directory is used. 





Additional References 


e Command-Line Syntax Key 
e auditpol restore 


e@ auditpol commands 


auditpol clear 


11/2/2020 * 2 minutes to read * Edit Online 





Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Deletes the per-user audit policy for all users, resets (disables) the system audit policy for all subcategories, and 
sets all the auditing options to disabled. 


To perform clear operations on the per-user and system policies, you must have Write or Full Control permission 
for that object set in the security descriptor. You can also perform clear operations if you have the Manage 
auditing and security log (SeSecurityPrivilege) user right. However, this right allows additional access that is not 
necessary to perform the overall c/ear operations. 


Syntax 


auditpol /clear [/y] 


Parameters 
PARAMETER DESCRIPTION 
/y Suppresses the prompt to confirm if all audit policy settings 
should be cleared. 
nR Displays help at the command prompt. 
Examples 


To delete the per-user audit policy for all users, reset (disable) the system audit policy for all subcategories, and set 
all the audit policy settings to disabled, at a confirmation prompt, type: 


auditpol /clear 


To delete the per-user audit policy for all users, reset the system audit policy settings for all subcategories, and set 
all the audit policy settings to disabled, without a confirmation prompt, type: 


auditpol /clear /y 





NOTE 


The preceding example is useful when using a script to perform this operation. 





Additional References 


e Command-Line Syntax Key 


e auditpol commands 


auditpol get 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server, 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 


Retrieves the system policy, per-user policy, auditing options, and audit security descriptor object. 


To perform get operations on the per-user and system policies, you must have Read permission for that object set 


in the security descriptor. You can also perform get operations if you have the Manage auditing and security 


log (SeSecurityPrivilege) user right. However, this right allows additional access that is not necessary to perform 


the overall get operations. 


Syntax 


auditpol /get 

[/user[ :<username> |<(sid)>]] 
[/category:*|<name>|<{guid}>[, :<name|<{guid}> ]] 
[/subcategory: *|<name>|<{guid}>[, :<name|<{guid}> ]] 
[/option:<option name>] 

[/sd] 

[/r] 


Parameters 


PARAMETER 


/user 


/category 


/subcategory 


/sd 


/option 


fr 


it 


Remarks 


DESCRIPTION 


Displays the security principal for whom the per-user audit 
policy is queried. Either the /category or /subcategory 
parameter must be specified. The user may be specified as a 
security identifier (SID) or name. If no user account is specified, 
then the system audit policy is queried. 


One or more audit categories specified by globally unique 
identifier (GUID) or name. An asterisk (*) may be used to 
indicate that all audit categories should be queried. 


One or more audit subcategories specified by GUID or name. 


Retrieves the security descriptor used to delegate access to 
the audit policy. 


Retrieves the existing policy for the CrashOnAuditFail, 
FullprivilegeAuditing, AuditBaseObjects, or 
AuditBasedirectories options. 


Displays the output in report format, comma-separated value 
(CSV). 


Displays help at the command prompt. 


All categories and subcategories can be specified by the GUID or name enclosed by quotation marks ("). Users can 
be specified by SID or name. 


Examples 


To retrieve the per-user audit policy for the Guest account and display the output for the System, detailed Tracking, 
and Object Access categories, type: 


auditpol /get /user:{S-1-5-21-1443922412-3030960370-963420232-51} /category:System,detailed Tracking,Object 
Access 





NOTE 

This command is useful in two scenarios. 1) When monitoring a specific user account for suspicious activity, you can use the 
/get command to retrieve the results in specific categories by using an inclusion policy to enable additional auditing. 2) if 

audit settings on an account are logging numerous but superfluous events, you can use the /get command to filter out 

extraneous events for that account with an exclusion policy. For a list of all categories, use the auditpol /list /category 


command. 





To retrieve the per-user audit policy for a category and a particular subcategory, which reports the inclusive and 


exclusive settings for that subcategory under the System category for the Guest account, type: 


auditpol /get /user:guest /category:System /subcategory: {@ccee921a-69ae-11d9-bed3-505054503030} 


To display the output in report format and include the computer name, policy target, subcategory, subcategory 
GUID, inclusion settings, and exclusion settings, type: 


auditpol /get /user:guest /category:detailed Tracking /r 


To retrieve the policy for the System category and subcategories, which reports the category and subcategory 
policy settings for the system audit policy, type: 


auditpol /get /category:System /subcategory: {@ccee921a-69ae-11d9-bed3-505054503030} 


To retrieve the policy for the detailed Tracking category and subcategories in report format and include the 
computer name, policy target, subcategory, subcategory GUID, inclusion settings, and exclusion settings, type: 


auditpol /get /category:detailed Tracking /r 


To retrieve the policy for two categories with the categories specified as GUIDs, which reports all the audit policy 
settings of all the subcategories under two categories, type: 


auditpol /get /category: {69979849 -797a-11d9-bed3-505054503030}, {69997984a-797a-11d9-bed3-505054503030} 
subcategory : {@ccee921a-69ae-11d9 -bed3-505054503030} 


To retrieve the state, either enabled or disabled, of the AuditBaseObjects option, type: 


auditpol /get /option:AuditBaseObjects 


Where the available options are AuditBaseObjects, AuditBaseOperations, and FullprivilegeAuditing. To retrieve the 
state enabled, disabled, or 2 of the CrashOnAuditFail option, type: 


auditpol /get /option:CrashOnAuditFail /r 
Additional References 


e Command-Line Syntax Key 


e auditpol commands 


auditpol list 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Lists audit policy categories and subcategories, or lists users for whom a per-user audit policy is defined. 


To perform /ist operations on the per-user policy, you must have Read permission for that object set in the security 
descriptor. You can also perform /ist operations if you have the Manage auditing and security log 
(SeSecurityPrivilege) user right. However, this right allows additional access that is not necessary to perform the 
overall /ist operations. 


Syntax 


auditpol /list 
[/user|/category|subcategory[ :<categoryname>|<{guid}>|*]] 


[/v] [/r] 
Parameters 

PARAMETER DESCRIPTION 

/user Retrieves all users for whom the per-user audit policy has 
been defined. If used with the /v parameter, the security 
identifier (SID) of the user is also displayed. 

/category Displays the names of categories understood by the system. If 
used with the /v parameter, the category globally unique 
identifier (GUID) is also displayed. 

/subcategory Displays the names of subcategories and their associated 
GUID. 

N Displays the GUID with the category or subcategory, or when 
used with /user, displays the SID of each user. 

fr Displays the output as a report in comma-separated value 
(CSV) format. 

n Displays help at the command prompt. 

Examples 


To list all users who have a defined audit policy, type: 


auditpol /list /user 


To list all users who have a defined audit policy and their associated SID, type: 


auditpol /list /user /v 

To list all categories and subcategories in report format, type: 
auditpol /list /subcategory:* /r 

To list the subcategories of the detailed Tracking and DS Access categories, type: 
auditpol /list /subcategory:detailed Tracking,DS Access 

Additional References 


e Command-Line Syntax Key 


e auditpol commands 


auditpol remove 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Removes the per-user audit policy for a specified account or all accounts. 


To perform remove operations on the per-user policy, you must have Write or Full Control permissions for that 
object set in the security descriptor. You can also perform remove operations if you have the Manage auditing 
and security log (SeSecurityPrivilege) user right. However, this right allows additional access that is not 


necessary to perform the overall remove operations. 


Syntax 


auditpol /remove [/user[:<username>|<{SID}>]] 


[/allusers] 
Parameters 
PARAMETER DESCRIPTION 
/user Specifies the security identifier (SID) or user name for the user 
for whom the per-user audit policy is to be deleted. 
/allusers Removes the per-user audit policy for all users. 
R Displays help at the command prompt. 
Examples 


To remove the per-user audit policy for user mikedan by name, type: 
auditpol /remove /user:mikedan 

To remove the per-user audit policy for user mikedan by SID, type: 
auditpol /remove /user:{S-1-5-21-397123471-12346959} 

To remove the per-user audit policy for all users, type: 
auditpol /remove /allusers 


Additional References 


e Command-Line Syntax Key 


e auditpol commands 


auditpol resourceSACL 
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Applies to: Windows 7 and Windows Server 2008 R2 


Configures global resource system access control lists (SACLs). 


To perform resourceSACL operations, you must have Write or Full Control permissions for that object set in the 
security descriptor. You can also perform resourceSACL operations if you have the Manage auditing and 
security log (SeSecurityPrivilege) user right. 


Syntax 


auditpol /resourceSACL 

[/set /type:<resource> [/success] [/failure] /user:<user> [/access:<access flags>]] 
[/remove /type:<resource> /user:<user> [/type:<resource>] ] 

[/clear [/type:<resource>] ] 

[/view [/user:<user>] [/type:<resource>] ] 


Parameters 
PARAMETER DESCRIPTION 
/set Adds a new entry to or updates an existing entry in the 
resource SACL for the resource type specified. 
/remove Removes all entries for the given user in the global object 
access auditing list. 
/clear Removes all entries from the global object access auditing list. 
/view Lists the global object access auditing entries in a resource 
SACL. The user and resource types are optional. 
R Displays help at the command prompt. 
Arguments 
ARGUMENT DESCRIPTION 
/type The resource for which object access auditing is being 
configured. The supported, case-sensitive, argument values 
are File (for directories and files) and Key (for registry keys). 
/success Specifies success auditing. 


/failure Specifies failure auditing. 


ARGUMENT DESCRIPTION 


/user Specifies a user in one of the following forms: 
e DomainNamelVAccount (such as DOM\Administrators) 
e StandaloneServer\Group Account (see 
LookupAccountName function) 
@ {S-1-x-x-x-x} (x is expressed in decimal, and the entire 
SID must be enclosed in curly braces). For example: {S- 
1-5-21-5624481-130208933-164394174-1001} 


Note: If the SID form is used, no check is done to 
verify the existence of this account. 


/access Specifies a permission mask that can be specified through: 
Generic access rights, including: 
e GA - GENERIC ALL 
e GR - GENERIC READ 


e GW - GENERIC WRITE 
e GX - GENERIC EXECUTE 


Access rights for files, including: 


FA - FILE ALL ACCESS 

FR - FILE GENERIC READ 
FW - FILE GENERIC WRITE 
FX - FILE GENERIC EXECUTE 


Access rights for registry keys, including: 


e KA - KEY ALL ACCESS 
e KR- KEY READ 

e KW - KEY WRITE 

@ KX - KEY EXECUTE 


For example: /access:FRFW enables audit events for 
read and write operations. 


A hexadecimal value representing the access mask (such 
as 0x1200a9) 


This is useful when using resource-specific bit masks that 
are not part of the security descriptor definition language 
(SDDL) standard. If omitted, Full access is used. 


Examples 


To set a global resource SACL to audit successful access attempts by a user on a registry key: 


auditpol /resourceSACL /set /type:Key /user:MYDOMAIN\myuser /success 


To set a global resource SACL to audit successful and failed attempts by a user to perform generic read and write 


functions on files or folders: 


auditpol /resourceSACL /set /type:File /user:MYDOMAIN\myuser /success /failure /access:FRFW 


To remove all global resource SACL entries for files or folders: 


auditpol /resourceSACL /type:File /clear 
To remove all global resource SACL entries for a particular user from files or folders: 

auditpol /resourceSACL /remove /type:File /user:(S-1-5-21-56248481-1302087933-1644394174-1001) 
To list the global object access auditing entries set on files or folders: 

auditpol /resourceSACL /type:File /view 
To list the global object access auditing entries for a particular user that are set on files or folders: 


auditpol /resourceSACL /type:File /view /user:MYDOMAIN\myuser 


Additional References 


e Command-Line Syntax Key 


e auditpol commands 


auditpol restore 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Restores system audit policy settings, per-user audit policy settings for all users, and all auditing options from a file 
that is syntactically consistent with the comma-separated value (CSV) file format used by the /backup option. 


To perform restore operations on the per-user and system policies, you must have Write or Full Control 
permission for that object set in the security descriptor. You can also perform restore operations if you have the 
Manage auditing and security log (SeSecurityPrivilege) user right, which is useful when restoring the security 
descriptor in the event of an error or malicious attack. 


Syntax 


auditpol /restore /file:<filename> 


Parameters 
PARAMETER DESCRIPTION 
/file Specifies the file from which the audit policy should be 
restored. The file must have been created by using the 
/backup option or must be syntactically consistent with the 
CSV file format used by the /backup option. 
R Displays help at the command prompt. 
Examples 


To restore system audit policy settings, per-user audit policy settings for all users, and all auditing options from a 
file named auditpolicy.csv that was created by using the /backup command, type: 


auditpol /restore /file:c:\auditpolicy.csv 


Additional References 


e Command-Line Syntax Key 
e auditpol backup 


e auditpol commands 


auditpol set 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Sets the per-user audit policy, system audit policy, or auditing options. 


To perform set operations on the per-user and system policies, you must have Write or Full Control permission 
for that object set in the security descriptor. You can also perform set operations if you have the Manage auditing 
and security log (SeSecurityPrivilege) user right. However, this right allows additional access that is not 
necessary to perform the overall set operations. 


Syntax 


auditpol /set 
[/user[:<username>|<{sid}>][/include][/exclude] ] 
[/category:<name>|<{guid}>[, :<name|<{guid}> ]] 
[/success:<enable>|<disable>][/failure:<enable>|<disable>] 
[/subcategory:<name>|<{guid}>[, :<name|<{guid}> ]] 
[/success:<enable>|<disable>][/failure:<enable>|<disable>] 
[/option:<option name> /value: <enable>|<disable>] 


Parameters 


PARAMETER DESCRIPTION 


/user The security principal for whom the per-user audit policy 
specified by the category or subcategory is set. Either the 
category or subcategory option must be specified, as a 
security identifier (SID) or name. 


/include Specified with /user; indicates that the user's per-user policy 
will cause an audit to be generated even if it is not specified 
by the system audit policy. This setting is the default and is 
automatically applied if neither the /include nor /exclude 
parameters are explicitly specified. 


/exclude Specified with /user; indicates that the user's per-user policy 
will cause an audit to be suppressed regardless of the system 
audit policy. This setting is ignored for users who are members 
of the local Administrators group. 


/category One or more audit categories specified by globally unique 
identifier (GUID) or name. If no user is specified, the system 
policy is set. 


/subcategory One or more audit subcategories specified by GUID or name. 
If no user is specified, the system policy is set. 


PARAMETER DESCRIPTION 


/success Specifies success auditing. This setting is the default and is 
automatically applied if neither the /success nor /failure 
parameters are explicitly specified. This setting must be used 
with a parameter indicating whether to enable or disable the 
setting. 


/failure Specifies failure auditing. This setting must be used with a 
parameter indicating whether to enable or disable the setting. 


/option Sets the audit policy for the CrashOnAuditFail, 
FullprivilegeAuditing, AuditBaseObjects, or 
AuditBasedirectories options. 


/sd Sets the security descriptor used to delegate access to the 
audit policy. The security descriptor must be specified by using 
the Security Descriptor Definition Language (SDDL). The 
security descriptor must have a discretionary access control 
list (DACL). 


/? Displays help at the command prompt. 


Examples 


To set the per-user audit policy for all subcategories under the detailed Tracking category for the user mikedan so 
that all the user's successful attempts will be audited, type: 


auditpol /set /user:mikedan /category:detailed Tracking /include /success:enable 


To set the per-user audit policy for categories specified by name and GUID, and subcategories specified by GUID to 
suppress auditing for any successful or failed attempts, type: 


auditpol /set /user:mikedan /exclude /category:Object Access, System, {6997984b-797a-11d9-bed3-505054503030} 
/subcategory: {@ccee9210-69ae-11d9 -bed3-505054503030}, : {@ccee9211-69ae-11d9-bed3-505054503030}, /success:enable 
/failure:enable 


To set the per-user audit policy for the specified user for all the categories for the suppression of auditing of all but 
successful attempts, type: 


auditpol /set /user:mikedan /exclude /category:* /success:enable 


To set the system audit policy for all subcategories under the detailed Tracking category to include auditing for only 
successful attempts, type: 


auditpol /set /category:detailed Tracking /success:enable 





NOTE 


The failure setting is not altered. 





To set the system audit policy for the Object Access and System categories (which is implied because subcategories 


are listed) and subcategories specified by GUIDs for the suppression of failed attempts and the auditing of 
successful attempts, type: 


auditpol /set /subcategory: {@ccee9210-69ae-11d9-bed3-505054503030}, {@ccee9211 -69ae-11d9-bed3-505054593030}, 
/failure:disable /success:enable 


To set the auditing options to the enabled state for the CrashOnAuditFail option, type: 


auditpol /set /option:CrashOnAuditFail /value:enable 


Additional References 
e Command-Line Syntax Key 


e auditpol commands 


elro aA 


11/2/2020 * 2 minutes to read * Edit Online 





Runs when the computer is started and prior to Windows Server starting to verify the logical integrity of a file 
system. 


Autochk.exe is a version of chkdsk that runs only on NTFS disks and only before Windows Server starts. 
autochk cannot be run directly from the command-line. Instead, autochk runs in the following situations: 


e Ifyoutry to run chkdsk on the boot volume. 
e Ifchkdsk cannot gain exclusive use of the volume. 


e If the volume is flagged as dirty. 


Remarks 





WARNING 


The autochk command-line tool cannot be directly run from the command-line. Instead, use the chkntfs command-line 
tool to configure the way you want autochk to run at startup. 


e You can use chkntfs with the /x parameter to prevent autochk from running on a specific volume or multiple 
volumes. 


e Use the chkntfs.exe command-line tool with the /t parameter to change the autochk delay from 0 seconds to up to 
3 days (259,200 seconds). However, a long delay means that the computer does not start until the time elapses or 
until you press a key to cancel autochk. 








Additional References 
e Command-Line Syntax Key 
e chkdsk command 


e chkntfs command 


autoconv 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Converts file allocation table (Fat) and Fat32 volumes to the NTFS file system, leaving existing files and directories 


intact at startup after autochk runs. volumes converted to the NTFS file system cannot be converted back to Fat or 
Fat32. 





IMPORTANT 


You can't run autoconv from the command-line. This can only run at startup, if set through convert.exe. 





Additional References 
e Command-Line Syntax Key 
e autochk command 


e convert command 


autofmt 
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Starts the Auto File System Format Utility, which formats a drive or partition when called from the Windows 
Recovery Console. 





Additional References 


e Command-Line Syntax Key 
e Windows Recovery Environment (WinRE) 


e How to use Windows Recovery Environment (WinRE) to troubleshoot common startup issues 


automount 
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Applies To: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


e Command-Line Syntax Key 





IMPORTANT 


In storage area network (SAN) configurations, disabling automount prevents Windows from automatically mounting or 
assigning drive letters to any new basic volumes that are visible to the system. 





Syntax 
automount [ { enable | disable | scrub } ] [noerr] 


Parameters 


PARAMETER DESCRIPTION 


enable Enables Windows to automatically mount new basic and 
dynamic volumes that are added to the system and to assign 
them drive letters. 


disable Prevents Windows from automatically mounting any new 
basic and dynamic volumes that are added to the system. 


Note: Disabling automount can cause failover clusters to 
fail the storage portion of the Validate a Configuration 
Wizard. 


scrub Removes volume mount point directories and registry settings 
for volumes that are no longer in the system. This prevents 
volumes that were previously in the system from being 
automatically mounted and given their former volume mount 
point(s) when they are added back to the system. 


noerr For scripting only. When an error is encountered, DiskPart 
continues to process commands as if the error did not occur. 
Without this parameter, an error causes DiskPart to exit with 
an error code. 


Examples 


To see if the automount feature is enabled, type the following commands from within the diskpart command: 


automount 


To enable the automount feature, type: 


automount enable 


To disable the automount feature, type: 


automount disable 


Additional References 
e Command-Line Syntax Key 


e diskpart commands 


bcdboot 
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Enables you to quickly set up a system partition, or to repair the boot environment located on the system partition. 
The system partition is set up by copying a simple set of Boot Configuration Data (BCD) files to an existing empty 
partition. 


Syntax 


bcdboot <source> [/1] [/s] 


Parameters 
PARAMETER DESCRIPTION 
source Specifies the location of the Windows directory to use as the 
source for copying boot environment files. 
Å Specifies the locale. The default locale is US English. 
/s Specifies the volume letter of the system partition. The default 
is the system partition identified by the firmware. 
Examples 


For information about where to find BCDboot and examples of how to use this command, see the BCDboot 
Command-Line Options topic. 


Additional References 


e Command-Line Syntax Key 


bcdedit 
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Boot Configuration Data (BCD) files provide a store that is used to describe boot applications and boot application 
settings. The objects and elements in the store effectively replace Boot.ini. 


BCDEdit is a command-line tool for managing BCD stores. It can be used for a variety of purposes, including 
creating new stores, modifying existing stores, adding boot menu parameters, and so on. BCDEdit serves 
essentially the same purpose as Bootcfg.exe on earlier versions of Windows, but with two major improvements: 


e Exposes a wider range of boot parameters than Bootcfg.exe. 


e Has improved scripting support. 





NOTE 
Administrative privileges are required to use BCDEdit to modify BCD. 





BCDEdit is the primary tool for editing the boot configuration of Windows Vista and later versions of Windows. It is 
included with the Windows Vista distribution in the %WINDIR%\System32 folder. 


BCDEdit is limited to the standard data types and is designed primarily to perform single common changes to BCD. 
For more complex operations or nonstandard data types, consider using the BCD Windows Management 
Instrumentation (WMI) application programming interface (API) to create more powerful and flexible custom tools. 


Syntax 


bcdedit /command [<argument1>] [<argument2>] ... 


Parameters 


General BCDEdit Command-Line Options 


OPTION DESCRIPTION 


R Displays a list of BCDEdit commands. Running this command 
without an argument displays a summary of the available 
commands. To display detailed help for a particular command, 
run bededit /? <command> , Where <command> is the name 
of the command you are searching for more information 
about. For example, bcdedit /? createstore displays detailed 
help for the Createstore command. 


Parameters that Operate on a Store 


OPTION DESCRIPTION 


/createstore Creates a new empty boot configuration data store. The 
created store is not a system store. 


OPTION 


/export 


/import 


/store 


Parameters that Operate on Entries in a Store 


PARAMETER 


/copy 


/create 


/delete 


Parameters that Operate on Entry Options 


PARAMETER 


/deletevalue 


/set 


Parameters that Control Output 


PARAMETER 


/enum 


N 


Parameters that Control the Boot Manager 


DESCRIPTION 


Exports the contents of the system store into a file. This file 
can be used later to restore the state of the system store. This 
command is valid only for the system store. 


Restores the state of the system store by using a backup data 
file previously generated by using the /export option. This 
command deletes any existing entries in the system store 
before the import takes place. This command is valid only for 
the system store. 


This option can be used with most BCDedit commands to 
specify the store to be used. If this option is not specified, 
then BCDEdit operates on the system store. Running the 
bcdedit /store command by itself is equivalent to running 
the bcdedit /enum active command. 


DESCRIPTION 


Makes a copy of a specified boot entry in the same system 
store. 


Creates a new entry in the boot configuration data store. If a 
well-known identifier is specified, then the /application, 
/inherit, and /device parameters cannot be specified. If an 
identifier is not specified or not well known, an /application, 
/inherit, or /device option must be specified. 


Deletes an element from a specified entry. 


DESCRIPTION 


Deletes a specified element from a boot entry. 


Sets an entry option value. 


DESCRIPTION 


Lists entries in a store. The /enum option is the default value 
for BCEdit, so running the bcdedit command without 
parameters is equivalent to running the bcdedit /enum 
active command. 


Verbose mode. Usually, any well-known entry identifiers are 
represented by their friendly shorthand form. Specifying /v as 
a command-line option displays all identifiers in full. Running 
the bcdedit /v command by itself is equivalent to running 
the bcdedit /enum active /v command. 


PARAMETER 


/bootsequence 


/default 


/displayorder 


/timeout 


/toolsdisplayorder 


Parameters that Control Emergency Management Services 


PARAMETER 


/bootems 


/ems 


/emssettings 


Parameters that Control Debugging 
PARAMETER 


/bootdebug 


/dbgsettings 


/debug 


Additional References 


DESCRIPTION 


Specifies a one-time display order to be used for the next 
boot. This command is similar to the /displayorder option, 
except that it is used only the next time the computer starts. 
Afterwards, the computer reverts to the original display order. 


Specifies the default entry that the boot manager selects 
when the timeout expires. 


Specifies the display order that the boot manager uses when 
displaying boot parameters to a user. 


Specifies the time to wait, in seconds, before the boot 
manager selects the default entry. 


Specifies the display order for the boot manager to use when 
displaying the Tools menu. 


DESCRIPTION 


Enables or disables Emergency Management Services (EMS) 
for the specified entry. 


Enables or disables EMS for the specified operating system 
boot entry. 


Sets the global EMS settings for the computer. /emssettings 
does not enable or disable EMS for any particular boot entry. 


DESCRIPTION 


Enables or disables the boot debugger for a specified boot 
entry. Although this command works for any boot entry, it is 
effective only for boot applications. 


Specifies or displays the global debugger settings for the 

system. This command does not enablepose. To set an 

individual global debugger setting, use the bcdedit /set 
<dbgsettings> <type> <value> command. 


Enables or disables the kernel debugger for a specified boot 
entry. 


For examples of how to use BCDEdit, see the BCDEdit Options Reference article. 


To see the notation used to indicate command-line syntax, see Command-Line Syntax Key. 


bdehdcfg 
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Prepares a hard drive with the partitions necessary for BitLocker Drive Encryption. Most installations of Windows 
7 will not need to use this tool because BitLocker setup includes the ability to prepare and repartition drives as 
required. 





WARNING 


There is a known conflict with the Deny write access to fixed drives not protected by BitLocker Group Policy setting 
located in Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive 
Encryption\Fixed Data Drives. 


If bdehdcfg is run on a computer when this policy setting is enabled, you may encounter the following issues: 


e |f you attempted to shrink the drive and create the system drive, the drive size will be successfully reduced and a raw 
partition will be created. However, the raw partition will not be formatted. The following error message is displayed: 
The new active Drive cannot be formatted. You may need to manually prepare your drive for BitLocker. 


e Ifyou attempted to use unallocated space to create the system drive, a raw partition will be created. However, the 
raw partition will not be formatted. The following error message is displayed: The new active Drive cannot be 
formatted. You may need to manually prepare your drive for BitLocker. 


© Ifyou attempted to merge an existing drive into the system drive, the tool will fail to copy the required boot file onto 
the target drive to create the system drive. The following error message is displayed: BitLocker setup failed to copy 
boot files. You may need to manually prepare your drive for BitLocker. 


e If this policy setting is being enforced, a hard drive cannot be repartitioned because the drive is protected. If you are 
upgrading computers in your organization from a previous version of Windows and those computers were 
configured with a single partition, you should create the required BitLocker system partition before applying the 
policy setting to the computers. 








Syntax 


bdehdcfg [-driveinfo <drive letter>] [-target (default |unallocated|<drive letter> shrink|<drive_letter> 
merge}] [-newdriveletter] [-size <size in mb>] [-quiet] 


Parameters 

PARAMETER DESCRIPTION 

bdehdcfg: driveinfo Displays the drive letter, the total size, the maximum free 
space, and the partition characteristics of the partitions on 
the drive specified. Only valid partitions are listed. Unallocated 
space is not listed if four primary or extended partitions 
already exist. 

bdehdcfg: target Defines which portion of a drive to use as the system drive 
and makes the portion active. 

bdehdcfg: newdriveletter Assigns a new drive letter to the portion of a drive used as 


the system drive. 


PARAMETER 


bdehdcfg: size 


bdehdcfg: quiet 


bdehdcfg: restart 


P? 


Additional References 


e Command-Line Syntax Key 


DESCRIPTION 


Determines the size of the system partition when a new 
system drive is being created. 


Prevents the display of all actions and errors in the command- 
line interface and directs bdehdcfg to use the Yes answer to 
any Yes/No prompts that may occur during subsequent drive 
preparation. 


Directs the computer to restart after the drive preparation 
has finished. 


Displays Help at the command prompt. 


bdehdcfg: driveinfo 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 


Displays the drive letter, the total size, the maximum free space, and the partition characteristics. Only valid 
partitions are listed. Unallocated space is not listed if four primary or extended partitions already exist. 


NOTE 


This command is informational only and makes no changes to the drive. 


Syntax 


bdehdcfg -driveinfo <drive_letter> 


Parameters 


PARAMETER 


<drive letter> 


Example 


To display the drive information for the C: drive: 


bdehdcfg driveinfo C: 


Additional References 


e Command-Line Syntax Key 


e bdehdcfg 





DESCRIPTION 


Specifies a drive letter followed by a colon. 


bdehdcfg: newdriveletter 
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Assigns a new drive letter to the portion of a drive used as the system drive. As a best practice, we recommend not 
assigning a drive letter to your system drive. 


Syntax 


bdehdcfg -target {default|unallocated|<drive_letter> shrink|<drive_letter> merge} -newdriveletter 
<drive_letter> 


Parameters 
PARAMETER DESCRIPTION 
<drive_letter> Defines the drive letter that will be assigned to the specified 
target drive. 
Examples 


To assign the default drive the drive letter p : 
bdehdcfg -target default -newdriveletter P: 
Additional References 


e Command-Line Syntax Key 


e bdehdcfg 


bdehdcfg: quiet 
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Informs the bdehdcfg command-line tool that all actions and errors are not to be displayed in the command-line 
interface. Any Yes/No (Y/N) prompts displayed during the drive preparation will assume a "Yes" answer. To view 
any error that occurred during drive preparation, review the system event log under the Microsoft-Windows- 
BitLocker-DrivePreparationTool event provider. 


Syntax 


bdehdcfg -target {default|unallocated|<drive_letter> shrink|<drive_letter> merge} -quiet 


Parameters 


This command has no additional parameters. 


Examples 


To use the quiet command: 


bdehdcfg -target default -quiet 


Additional References 


e Command-Line Syntax Key 


e bdehdcfg 


bdehdcfg: restart 
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Informs the bdehdcfg command-line tool that the computer should be restarted after the drive preparation has 
concluded. If other users are logged on to the computer and the quiet command is not specified, a prompt 
appears to confirm that the computer should be restarted. 


Syntax 


bdehdcfg -target {default|unallocated|<drive_letter> shrink|<drive_letter> merge} -restart 


Parameters 


This command has no additional parameters. 


Examples 


To use the restart command: 


bdehdcfg -target default -restart 
Additional References 


e Command-Line Syntax Key 


e bdehdcfg 


bdehdcfa: size 
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Specifies the size of the system partition when a new system drive is being created. If you do not specify a size, the 
tool will use the default value of 300 MB. The minimum size of the system drive is 100 MB. If you will store system 
recovery or other system tools on the system partition, you should increase the size accordingly. 





NOTE 


The size command cannot be combined with the target <drive_letter> merge command. 





Syntax 


bdehdcfg -target {default|unallocated|<drive_letter> shrink} -size <size_in_mb> 


Parameters 
PARAMETER DESCRIPTION 
<size_in_mb> Indicates the number of megabytes (MB) to use for the new 
partition. 
Examples 


To allocate 500 MB to the default system drive: 


bdehdcfg -target default -size 500 


Additional References 


e Command-Line Syntax Key 


e bdehdcfg 


bdehdcfg: target 
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Prepares a partition for use as a system drive by BitLocker and Windows Recovery. By default, this partition is 


created without a drive letter. 


Syntax 


bdehdcfg -target (default |unallocated|<drive letter> shrink|<drive letter> merge) 


Parameters 


PARAMETER 


default 
unallocated 


«drive letter> shrink 


<drive_letter> merge 


Examples 


To designate an existing drive (P) as the system drive: 


bdehdcfg -target P: merge 


Additional References 
e Command-Line Syntax Key 


e bdehdcfg 


DESCRIPTION 


Indicates that the command-line tool will follow the same 
process as the BitLocker setup wizard. 


Creates the system partition out of the unallocated space 
available on the disk. 


Reduces the drive specified by the amount necessary to create 
an active system partition. To use this command, the drive 
specified must have at least 5 percent free space. 


Uses the drive specified as the active system partition. The 
operating system drive cannot be a target for merge. 


begin backup 


11/2/2020 * 2 minutes to read * Edit Online 





Applies To: Windows Server 2012 R2, Windows Server 2012 


Starts a full backup session. This command overrides the default copy backup setting. 


Syntax 


begin backup 


Additional References 
e Command-Line Syntax Key 


e begin restore command 


begin restore 
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Applies To: Windows Server 2012 R2, Windows Server 2012 


Starts a restore session and issues a PreRestore event to involved writers. 


Syntax 


begin restore 


Additional References 
e Command-Line Syntax Key 
e begin backup command 


e Prepare for restore 


bitsadmin 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 
2016, Windows Server 2012 R2, Windows Server 2012, Windows 10 


Bitsadmin is a command-line tool used to create, download or upload jobs, and to monitor their 
progress. The bitsadmin tool uses switches to identify the work to perform. You can call bitsadmin /? 
Or bitsadmin /help to geta list of switches. 


Most switches require a <job> parameter, which you set to the job's display name, or GUID. A job's 
display name doesn't have to be unique. The /create and /list switches return a job's GUID. 


By default, you can access information about your own jobs. To access information for another user's 
jobs, you must have administrator privileges. If the job was created in an elevated state, then you must 
run bitsadmin from an elevated window; otherwise, you'll have read-only access to the job. 


Many of the switches correspond to methods in the BITS interfaces. For additional details that may be 
relevant to using a switch, see the corresponding method. 


Use the following switches to create a job, set and retrieve the properties of a job, and monitor the 
status of a job. For examples that show how to use some of these switches to perform tasks, see 
bitsadmin examples. 


Available switches 


e bitsadmin /addfile 

e bitsadmin /addfileset 

e bitsadmin /addfilewithranges 
@ bitsadmin /cache 

@ bitsadmin /cache /delete 

@ bitsadmin /cache /deleteur| 

@ bitsadmin /cache /getexpirationtime 
@ bitsadmin /cache /getlimit 

e bitsadmin /cache /help 

e bitsadmin /cache /info 

e bitsadmin /cache /list 

e bitsadmin /cache /setexpirationtime 
e bitsadmin /cache /setlimit 

e bitsadmin /cache /clear 

e bitsadmin /cancel 

e bitsadmin /complete 

e bitsadmin /create 

e bitsadmin /examples 

e bitsadmin /getaclflags 

e bitsadmin /getbytestotal 

e bitsadmin /getbytestransferred 


bitsadmin /getclientcertificate 
bitsadmin /getcompletiontime 
bitsadmin /getcreationtime 
bitsadmin /getcustomheaders 
bitsadmin /getdescription 
bitsadmin /getdisplayname 
bitsadmin /geterror 

bitsadmin /geterrorcount 
bitsadmin /getfilestotal 
bitsadmin /getfilestransferred 
bitsadmin /gethelpertokenflags 
bitsadmin /gethelpertokensid 
bitsadmin /gethttpmethod 
bitsadmin /getmaxdownloadtime 
bitsadmin /getminretrydelay 
bitsadmin /getmodificationtime 
bitsadmin /getnoprogresstimeout 
bitsadmin /getnotifycmdline 
bitsadmin /getnotifyflags 
bitsadmin /getnotifyinterface 
bitsadmin /getowner 

bitsadmin /getpeercachingflags 
bitsadmin /getpriority 

bitsadmin /getproxybypasslist 
bitsadmin /getproxylist 
bitsadmin /getproxyusage 
bitsadmin /getreplydata 
bitsadmin /getreplyfilename 
bitsadmin /getreplyprogress 
bitsadmin /getsecurityflags 
bitsadmin /getstate 

bitsadmin /gettemporaryname 
bitsadmin /gettype 

bitsadmin /getvalidationstate 
bitsadmin /help 

bitsadmin /info 

bitsadmin /list 

bitsadmin /listfiles 

bitsadmin /makecustomheaderswriteonly 
bitsadmin /monitor 

bitsadmin /nowrap 

bitsadmin /peercaching 
bitsadmin /peercaching /getconfigurationflags 
bitsadmin /peercaching /help 
bitsadmin /peercaching /setconfigurationflags 


bitsadmin /peers 


bitsadmin /peers /clear 
bitsadmin /peers /discover 
bitsadmin /peers /help 

bitsadmin /peers /list 

bitsadmin /rawreturn 

bitsadmin /removeclientcertificate 
bitsadmin /removecredentials 
bitsadmin /replaceremoteprefix 
bitsadmin /reset 

bitsadmin /resume 

bitsadmin /setaclflag 

bitsadmin /setclientcer tificatebyid 
bitsadmin /setclientcer tificatebyname 
bitsadmin /setcredentials 
bitsadmin /setcustomheaders 
bitsadmin /setdescription 
bitsadmin /setdisplayname 
bitsadmin /sethelpertoken 
bitsadmin /sethelpertokenflags 
bitsadmin /sethttomethod 
bitsadmin /setmaxdownloadtime 
bitsadmin /setminretrydelay 
bitsadmin /setnoprogresstimeout 
bitsadmin /setnotifycmdline 
bitsadmin /setnotifyflags 
bitsadmin /setpeercachingflags 
bitsadmin /setpriority 

bitsadmin /setproxysettings 
bitsadmin /setreplyfilename 
bitsadmin /setsecurityflags 
bitsadmin /setvalidationstate 
bitsadmin /suspend 

bitsadmin /takeownership 
bitsadmin /transfer 

bitsadmin /util 

bitsadmin /util /enableanalyticchannel 
bitsadmin /util /getieproxy 
bitsadmin /util /help 

bitsadmin /util /repairservice 
bitsadmin /util /setieproxy 
bitsadmin /util /version 


bitsadmin /wrap 


bitsadmin addfile 
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Adds a file to the specified job. 


Syntax 


bitsadmin /addfile <job> <remoteURL> <localname> 
Parameters 
PARAMETER 
job 
remoteURL 


localname 


Examples 


To add a file to the job: 


DESCRIPTION 


The job's display name or GUID. 


The URL of the file on the server. 


The name of the file on the local computer. Localname must 
contain an absolute path to the file. 


bitsadmin /addfile myDownloadJob http://downloadsrv/1Ømb.zip c:N1Ømb.zip 


Repeat this call for each file to add. If multiple jobs use myDownload/ob as their name, you must replace 
myDownload/ob with the job's GUID to uniquely identify the job. 


Additional References 


e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin addfileset 
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Adds one or more files to the specified job. 


Syntax 


bitsadmin /addfileset <job> <textfile> 


Parameters 
PARAMETER DESCRIPTION 
job The job's display name or GUID. 
textfile A text file, each line of which contains a remote and a local file 
name. Note: Names must space-delimited. Lines starting with 
a # character are treated as a comment. 
Examples 


bitsadmin /addfileset files.txt 


Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin addfilewithranges 
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Adds a file to the specified job. BITS downloads the specified ranges from the remote file. This switch is valid only 
for download jobs. 


Syntax 


bitsadmin /addfilewithranges <job> <remoteURL> <localname> <rangelist> 


Parameters 
PARAMETER DESCRIPTION 
job The job's display name or GUID. 
remoteURL URL of the file on the server. 
localname Name of the file on the local computer. Must contain an 
absolute path to the file. 
rangelist Comma-delimited list of offset:length pairs. Use a colon to 
separate the offset value from the length value. For example, a 
value of @:100,2000:100,5000:eof tells BITS to transfer 100 
bytes from offset 0, 100 bytes from offset 2000, and the 
remaining bytes from offset 5000 to the end of the file. 
Remarks 


e The token eof is a valid length value within the offset and length pairs in the <rangelist> . It instructs the 
service to read to the end of the specified file. 


e The addfilewithranges command will fail with error code 0x8020002c, if a zero-length range is specified 
along with another range using same offset, such as: 


c:\bits>bitsadmin /addfilewithranges j2 http://bitsdc/dload/1k.zip c:\1k.zip 100:0,100:5 


Error message: Unable to add file to job - 0x8020002c. The list of byte ranges contains some overlapping 
ranges, which are not supported. 


Workaround: Don't specify the zero-length range first. For example, use 
bitsadmin /addfilewithranges j2 http://bitsdc/dload/1k.zip c:\1k.zip 100:5,100:0 


Examples 


To transfer 100 bytes from offset 0, 100 bytes from offset 2000, and the remaining bytes from offset 5000 to the 
end of the file: 


bitsadmin /addfilewithranges http://downloadsrv/10mb.zip c:\10mb.zip 0:100,2000:100,5000: eof 


Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin cache 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 


Contains a list of the bitsadmin /cache switches. 


Contains a list of the bitsadmin /cache switches. 


Syntax 


bitsadmin /cache /help 

bitsadmin /cache /clear 

bitsadmin /cache /delete 

bitsadmin /cache /deleteURL 
bitsadmin /cache /list 

bitsadmin /cache /info 

bitsadmin /cache /getlimit 
bitsadmin /cache /setlimit 
bitsadmin /cache /getexpirationtime 
bitsadmin /cache /setexpirationtime 


Parameters 
PARAMETER 
bitsadmin cache and help 
bitsadmin cache and clear 
bitsadmin cache and delete 
bitsadmin cache and deleteURL 
bitsadmin cache and list 
bitsadmin cache and info 
bitsadmin cache and getlimit 
bitsadmin cache and setlimit 
bitsadmin cache and getexpirationtime 


bitsadmin cache and setexpirationtime 


Additional References 


e Command-Line Syntax Key 


DESCRIPTION 


Displays the command-line usage for the /cache switches. 


Purges the local cache. 


Deletes a cache entry. 


Deletes all cache entries for the given URL. 


Lists all cache entries. 


Dumps a specific cache entry. 


Retrieves the cache limit. 


Sets the cache limit. 


Retrieves the cache expiration time. 


Sets the cache expiration time. 


e bitsadmin command 


bitsadmin cache and delete 
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Deletes a specific cache entry. 


Syntax 





bitsadmin /cache /delete recordID 








Parameters 

PARAMETER DESCRIPTION 

recordID The GUID associated with the cache entry. 
Examples 


To delete the cache entry with the RecordID of (6511FB02-E195-40A2-B595-E8E2F8F47702): 





bitsadmin /cache /delete (6511FBØ2-E195-4ØA2-B595-E8E2F8F47702) 





Additional References 
e Command-Line Syntax Key 


e bitsadmin cache command 


bitsadmin cache and delete URL 
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Deletes all cache entries for the given URL. 


Syntax 





bitsadmin /deleteURL URL 








Parameters 

PARAMETER DESCRIPTION 

URL The Uniform Resource Locator that identifies a remote file. 
Examples 





To delete all cache entries for | https: //www.contoso.com/en/us/default.aspx | 


bitsadmin /deleteURL https://www.contoso.com/en/us/default.aspx 








Additional References 
e Command-Line Syntax Key 


e bitsadmin cache command 


bitsadmin cache and getexpirationtime 
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Retrieves the cache expiration time. 


Syntax 





| bitsadmin /cache /getexpirationtime | 





Examples 


To retrieve the cache expiration time: 


bitsadmin /cache /getexpirationtime 


Additional References 
e Command-Line Syntax Key 


e bitsadmin cache command 


bitsadmin cache and getlimit 
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Retrieves the cache limit. 


Syntax 





| bitsadmin /cache /getlimit | 





Examples 


To retrieve the cache limit: 


bitsadmin /cache /getlimit 


Additional References 
e Command-Line Syntax Key 


e bitsadmin cache command 


bitsadmin cache and help 
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Displays the command-line usage for the cache switches. 


Syntax 





| bitsadmin /cache /help | 





Examples 


To show the command-line help for the cache switches. 


bitsadmin /cache /help 


Additional References 
e Command-Line Syntax Key 


e bitsadmin cache command 


bitsadmin cache and info 
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Dumps a specific cache entry. 


Syntax 


bitsadmin /cache /info recordID [/verbose] 


Parameters 

PARAMRETER DESCRIPTION 

recordID The GUID associated with the cache entry. 
Examples 


To dump the cache entry with the recordID value of (6511FB02-E195-40A2-B595-E8E2F8F47702): 


bitsadmin /cache /info (6511FBØ2-E195-4ØA2-B595-E8E2F8F47702) 


Additional References 


e Command-Line Syntax Key 


e bitsadmin cache command 


bitsadmin cache and list 
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Lists all cache entries. 


Syntax 





| bitsadmin /cache /list [/verbose] | 





Examples 


To list all cache entries in verbose format. 


bitsadmin /cache /list /verbose 


Additional References 
e Command-Line Syntax Key 


e bitsadmin cache command 


bitsadmin cache and setexpirationtime 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Sets the cache expiration time. 


Syntax 


bitsadmin /cache /setexpirationtime secs 


Parameters 

PARAMETER DESCRIPTION 

secs The number of seconds until the cache expires. 
Examples 


To set the cache to expire in 60 seconds: 


bitsadmin /cache / setexpirationtime 69 


Additional References 


e Command-Line Syntax Key 


e bitsadmin cache command 


bitsadmin cache and setlimit 
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Sets the cache size limit. 


Syntax 





bitsadmin /cache /setlimit percent 








Parameters 
PARAMETER DESCRIPTION 
percent The cache limit defined as a percentage of the total hard disk 
space. 
Examples 


To set the cache size limit to 50%: 





bitsadmin /cache /setlimit 50 





Additional References 
e Command-Line Syntax Key 


e bitsadmin cache command 


bitsadmin cache and clear 
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Purges the local cache. 


Syntax 





| bitsadmin /cache /clear | 





Examples 


To purge the local cache: 


bitsadmin /cache /clear 


Additional References 
e Command-Line Syntax Key 


e bitsadmin cache command 


bitsadmin cancel 
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Removes the job from the transfer queue and deletes all temporary files associated with the job. 


Syntax 





bitsadmin /cancel <job> 








Parameters 

PARAMETER DESCRIPTION 

job The job's display name or GUID. 
Examples 


To remove the myDownload/objob from the transfer queue: 





bitsadmin /cancel myDownloadJob 





Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin complete 
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Completes the job. Use this switch after the job moves to the transferred state. Otherwise, only those files that 
have been successfully transferred will be available. 


Syntax 


bitsadmin /complete <job> 


Parameters 

PARAMETER DESCRIPTION 

job The job's display name or GUID. 
Example 


To complete the myDownload/ob job, after it reaches the TRANSFERRED state: 


bitsadmin /complete myDownloadJob 


If multiple jobs use myDownload/ob as their name, you must use the job's GUID to uniquely identify it for 
completion. 


Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin create 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Creates a transfer job with the given display name. 





NOTE 
The /Upload and /Upload-Reply parameter types aren't supported by BITS 1.2 and earlier. 





Syntax 


bitsadmin /create [type] displayname 


Parameters 
PARAMETER DESCRIPTION 
type There are three types of jobs: 
e /Download. Transfers data from a server to a local 
file. 
e /Upload. Transfers data from a local file to a server. 
e /Upload-Reply. Transfers data from a local file to a 
server and receives a reply file from the server. 
This parameter defaults to /Download if it's not specified. 
displayname The display name assigned to the newly created job. 
Examples 


To create a download job named myDownload/ob. 


bitsadmin /create myDownloadJob 


Additional References 


e Command-Line Syntax Key 
e bitsadmin resume command 


e bitsadmin command 


bitsadmin examples 
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The following examples show how to use the bitsadmin tool to perform the most common tasks. 


Transfer a file 


To create a job, add files, activate the job in the transfer queue, and to complete the job: 
bitsadmin /transfer myDownloadJob /download /priority normal https://downloadsrv/10mb.zip c:\\10mb.zip 


BITSAdmin continues to show progress information in the MS-DOS window until the transfer completes or an 


error occurs. 


Create a download job 


To create a download job named myDownloadJob. 
bitsadmin /create myDownloadJob 


BITSAdmin returns a GUID that uniquely identifies the job. Use the GUID or job name in subsequent calls. The 
following text is sample output. 


Sample output 


created job (C775D194-Ø99ØF-431F-B5FB-8334DØØD1CB6) 


Add files to the download job 


To add a file to the job: 
bitsadmin /addfile myDownloadjJob https://downloadsrv/10mb.zip c:\\10mb.zip 


Repeat this call for each file you want to add. If multiple jobs use myDownload/ob as their name, you must use the 
job's GUID to uniquely identify it for completion. 


Activate the download job 


After you create a new job, BITS automatically suspends the job. To activate the job in the transfer queue: 
bitsadmin /resume myDownloadJob 


If multiple jobs use myDownload/ob as their name, you must use the job's GUID to uniquely identify it for 
completion. 


Determine the progress of the download job 


The /info switch returns the state of the job and the number of files and bytes transferred. When the state is 
shown aS_ TRANSFERRED , it means that BITS has successfully transferred all files in the job. You can also add the 
/verbose argument to get complete details of the job, and /list or /monitor to get all the jobs in the transfer 


queue. 


To return the state of the job: 
bitsadmin /info myDownloadJob /verbose 


If multiple jobs use myDownload/ob as their name, you must use the job's GUID to uniquely identify it for 


completion. 


Complete the download job 


To complete the job after the state changes to TRANSFERRED : 
bitsadmin /complete myDownloadJob 


You must run the /complete switch before the files in the job become available. If multiple jobs use 
myDownloadob as their name, you must use the job's GUID to uniquely identify it for completion. 


Monitor jobs in the transfer queue using the /list switch 


To return the state of the job and the number of files and bytes transferred for all jobs in the transfer queue: 


bitsadmin /list 


Sample output 


{6AF46E48-41D3-453F -B7AF -A694BBC823F7} job1 SUSPENDED @ / @ @ / @ 
{482FCAFO-74BF -469B-8929-5CCD@28C9499} job2 TRANSIENT_ERROR @ / 1 ® / UNKNOWN 


Listed 2 job(s). 


Monitor jobs in the transfer queue using the /monitor switch 


To return the state of the job and the number of files and bytes transferred for all jobs in the transfer queue, 
refreshing the data every 5 seconds: 


bitsadmin /monitor 





NOTE 


To stop the refresh, press CTRL+C. 





Sample output 


MONITORING BACKGROUND COPY MANAGER(5 second refresh) 
{6AF46E48-41D3-453F -B7AF -A694BBC823F7} job1 SUSPENDED @ / @ @ / @ 

{482FCAFO-74BF -469B-8929-5CCD@28C9499} job2 TRANSIENT_ERROR @ / 1 @ / UNKNOWN 
{0B138008 - 304B-4264-B@21-FD04455588FF} job3 TRANSFERRED 1 / 1 100379378 / 100379370 


Monitor jobs in the transfer queue using the /info switch 


To return the state of the job and the number of files and bytes transferred: 


bitsadmin /info 


Sample output 


GUID: (482FCAFØ-74BF-469B-8929-5CCDØ828C9499) DISPLAY: myDownloadJob 

TYPE: DOWNLOAD STATE: TRANSIENT_ERROR OWNER: domain\user 

PRIORITY: NORMAL FILES: @ / 1 BYTES: @ / UNKNOWN 

CREATION TIME: 12/17/2002 1:21:17 PM MODIFICATION TIME: 12/17/2092 1:21:30 PM 
COMPLETION TIME: UNKNOWN 

NOTIFY INTERFACE: UNREGISTERED NOTIFICATION FLAGS: 3 

RETRY DELAY: 600 NO PROGRESS TIMEOUT: 1209600 ERROR COUNT: © 

PROXY USAGE: PRECONFIG PROXY LIST: NULL PROXY BYPASS LIST: NULL 


ERROR FILE: https://downloadsrv/1ømb.zip -> c:\10mb.zip 

ERROR CODE: Øx80072ee7 - The server name or address could not be resolved 
ERROR CONTEXT: 0x00000005 - The error occurred while the remote file was being 
processed. 

DESCRIPTION: 

JOB ETLES:; 


@ / UNKNOWN WORKING https://downloadsrv/10mb.zip -> c:\10mb.zip 
NOTIFICATION COMMAND LINE: none 


Delete jobs from the transfer queue 


To remove all jobs from the transfer queue, use the /reset switch: 


bitsadmin /reset 


Sample output 


{DC61A20C-44AB - 4768 -B175-8000D02545B9} canceled. 
{BB6E91F3-6EDA-4BB4-9F01-5C5CBB5411F8} canceled. 
2 out of 2 jobs canceled. 


Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin getaclflags 
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Retrieves the access control list (ACL) propagations flags, reflecting whether items are inherited by child objects. 


Syntax 


bitsadmin /getaclflags <job> 


Parameters 

PARAMETER DESCRIPTION 

job The job's display name or GUID. 
Remarks 


Returns one or more of the following flag values: 

© o - Copy owner information with file. 

e g- Copy group information with file. 

e d - Copy discretionary access control list (DACL) information with file. 


e s - Copy system access control list (SACL) information with file. 


Examples 


To retrieve the access control list propagation flags for the job named myDownload/ob. 


bitsadmin /getaclflags myDownloadJob 


Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin getbytestotal 
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Retrieves the size of the specified job. 


Syntax 





bitsadmin /getbytestotal <job> 








Parameters 

PARAMETER DESCRIPTION 

job The job's display name or GUID. 
Examples 


To retrieve the size of the job named myDownloaa/ob: 





bitsadmin /getbytestotal myDownloadJob 





Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin getbytestransferred 
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Retrieves the number of bytes transferred for the specified job. 


Syntax 





bitsadmin /getbytestransferred <job> 








Parameters 

PARAMETER DESCRIPTION 

job The job's display name or GUID. 
Examples 


To retrieve the number of bytes transferred for the job named myDownload/ob. 





bitsadmin /getbytestransferred myDownloadJob 





Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin getclientcertificate 
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Retrieves the client certificate from the job. 


Syntax 





bitsadmin /getclientcertificate <job> 








Parameters 

PARAMETER DESCRIPTION 

job The job's display name or GUID. 
Examples 


To retrieve the client certificate for the job named myDownload/ob: 





bitsadmin /getclientcertificate myDownloadJob 





Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin getcompletiontime 
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Retrieves the time that the job finished transferring data. 


Syntax 





bitsadmin /getcompletiontime <job> 








Parameters 

PARAMETER DESCRIPTION 

job The job's display name or GUID. 
Examples 


To retrieve the time that the job named myDownload/ob finished transferring data: 





bitsadmin /getcompletiontime myDownloadJob 





Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin getcreationtime 
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Retrieves the creation time for the specified job. 


Syntax 





bitsadmin /getcreationtime <job> 








Parameters 

PARAMETER DESCRIPTION 

job The job's display name or GUID. 
Examples 


To retrieve the creation time for the job named myDownload/ob. 





bitsadmin /getcreationtime myDownloadJob 





Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin getcustomheaders 
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Retrieves the custom HTTP headers from the job. 


Syntax 





bitsadmin /getcustomheaders <job> 








Parameters 

PARAMETER DESCRIPTION 

job The job's display name or GUID. 
Examples 


To get the custom headers for the job named myDownload/ob: 





bitsadmin /getcustomheaders myDownloadJob 





Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin getdescription 
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Retrieves the description of the specified job. 


Syntax 





bitsadmin /getdescription <job> 








Parameters 

PARAMETER DESCRIPTION 

job The job's display name or GUID. 
Examples 


To retrieve the description for the job named myDownload/ob: 





bitsadmin /getdescription myDownloadJob 





Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin getdisplayname 
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Retrieves the display name of the specified job. 


Syntax 





bitsadmin /getdisplayname <job> 








Parameters 

PARAMETER DESCRIPTION 

job The job's display name or GUID. 
Examples 


To retrieve the display name for the job named myDownloaa/ob: 





bitsadmin /getdisplayname myDownloadJob 





Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin geterror 
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Retrieves detailed error information for the specified job. 


Syntax 





bitsadmin /geterror <job> 








Parameters 

PARAMETER DESCRIPTION 

job The job's display name or GUID. 
Examples 


To retrieve the error information for the job named myDownload/ob. 





bitsadmin /geterror myDownloadJob 





Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin geterrorcount 
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Retrieves a count of the number of times the specified job generated a transient error. 


Syntax 





bitsadmin /geterrorcount <job> 








Parameters 

PARAMETER DESCRIPTION 

job The job's display name or GUID. 
Examples 


To retrieve error count information for the job named myDownload/ob: 





bitsadmin /geterrorcount myDownloadJob 





Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin getfilestotal 
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Retrieves the number of files in the specified job. 


Syntax 





bitsadmin /getfilestotal <job> 








Parameters 

PARAMETER DESCRIPTION 

job The job's display name or GUID. 
Examples 


To retrieve the number of files included in the job named myDownload/ob. 





bitsadmin /getfilestotal myDownloadJob 





See Also 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin getfilestransferred 
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Retrieves the number of files transferred for the specified job. 


Syntax 





bitsadmin /getfilestransferred <job> 








Parameters 

PARAMETER DESCRIPTION 

job The job's display name or GUID. 
Examples 


To retrieve the number of files transferred in the job named myDownload/ob. 





bitsadmin /getfilestransferred myDownloadJob 





Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin gethelpertokenflags 
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Returns the usage flags for a helper token that is associated with a BITS transfer job. 





NOTE 
This command isn't supported by BITS 3.0 and earlier. 





Syntax 


bitsadmin /gethelpertokenflags <job> 


Parameters 

PARAMETER DESCRIPTION 

job The job's display name or GUID. 
Remarks 


Possible return values, including: 


e 0x0001. The helper token is used to open the local file of an upload job, to create or rename the temporary 
file of a download job, or to create or rename the reply file of an upload-reply job. 


e 0x0002. The helper token is used to open the remote file of a Server Message Block (SMB) upload or 
download job, or in response to an HTTP server or proxy challenge for implicit NTLM or Kerberos 
credentials. You must call /SetCredentialsJob TargetScheme NULL NULL to allow the credentials to be sent 
over HTTP. 


Examples 


To retrieve the usage flags for a helper token associated with a BITS transfer job named myDownload/ob: 


bitsadmin /gethelpertokenflags myDownloadJob 


Additional References 


e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin gethelpertokensid 
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Returns the SID of a BITS transfer job's helper token, if one is set. 





NOTE 
This command isn't supported by BITS 3.0 and earlier. 





Syntax 


bitsadmin /gethelpertokensid <job> 





Parameters 


PARAMETER DESCRIPTION 





job The job's display name or GUID. 


Examples 


To retrieve the SID of a BITS transfer job named myDownloadob: 





bitsadmin /gethelpertokensid myDownloadJob 





Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin gethttomethod 
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Gets the HTTP verb to use with the job. 


Syntax 





bitsadmin /gethttpmethod <Job> 








Parameters 

PARAMETER DESCRIPTION 

job The job's display name or GUID. 
Examples 


To retrieve the HTTP verb to use with the job named myDownload/ob: 





bitsadmin /gethttpmethod myDownloadJob 





Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin getmaxdownloadtime 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Retrieves the download timeout in seconds. 


Syntax 


bitsadmin /getmaxdownloadtime <job> 


Parameters 

PARAMETER DESCRIPTION 

job The job's display name or GUID. 
Examples 


To get the maximum download time for the job named myDownload/ob in seconds: 


bitsadmin /getmaxdownloadtime myDownloadJob 


Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin getminretrydelay 
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Retrieves the length of time, in seconds, that the service will wait after encountering a transient error before trying 
to transfer the file. 


Syntax 


bitsadmin /getminretrydelay <job> 


Parameters 

PARAMETER DESCRIPTION 

job The job's display name or GUID. 
Examples 


To retrieve the minimum retry delay for the job named myDownload/ob. 


bitsadmin /getminretrydelay myDownloadJob 
Additional References 


e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin getmodificationtime 
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Retrieves the last time the job was modified or data was successfully transferred. 


Syntax 





bitsadmin /getmodificationtime <job> 








Parameters 

PARAMETER DESCRIPTION 

job The job's display name or GUID. 
Examples 


To retrieve the last modified time for the job named myDownload/ob: 





bitsadmin /getmodificationtime myDownloadJob 





Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin getnoprogresstimeout 
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Retrieves the length of time, in seconds, that the service will try to transfer the file after a transient error occurs. 


Syntax 


bitsadmin /getnoprogresstimeout <job> 


Parameters 

PARAMETER DESCRIPTION 

job The job's display name or GUID. 
Examples 


To retrieve the progress time out value for the job named myDownload/ob. 


bitsadmin /getnoprogresstimeout myDownloadJob 


Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin getnotifycmdline 
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Retrieves the command-line command to run after the specified job finishes transferring data. 





NOTE 


This command isn't supported by BITS 1.2 and earlier. 





Syntax 


bitsadmin /getnotifycmdline <job> 


Parameters 

PARAMETER DESCRIPTION 

job The job's display name or GUID. 
Examples 


To retrieve the command-line command used by the service when the job named myDownload/ob completes. 


bitsadmin /getnotifycmdline myDownloadJob 


Additional References 


e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin getnotifyflags 
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Retrieves the notification flags for the specified job. 


Syntax 


bitsadmin /getnotifyflags <job> 


Parameters 

PARAMETER DESCRIPTION 

job The job's display name or GUID. 
Remarks 


The job can contain one or more of the following notification flags: 


FLAG DESCRIPTION 

0x001 Generate an event when all files in the job have been 
transferred. 

0x002 Generate an event when an error occurs. 

0x004 Disable notifications. 

0x008 Generate an event when the job is modified or transfer 


progress is made. 
Examples 
To retrieve the notify flags for the job named myDownloadob. 


bitsadmin /getnotifyflags myDownloadJob 


Additional References 


e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin getnotifyinterface 
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Determines whether another program has registered a COM callback interface (the notify interface) for the 
specified job. 


Syntax 


bitsadmin /getnotifyinterface <job> 


Parameters 

PARAMETER DESCRIPTION 

job The job's display name or GUID. 
Output 


The output for this command displays either, Registered or Unregistered. 





NOTE 


It's not possible to determine the program that registered the callback interface. 





Examples 


To retrieve the notify interface for the job named myDownload/ob: 


bitsadmin /getnotifyinterface myDownloadJob 


Additional References 


e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin getowner 
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Displays the display name or GUID of the owner of the specified job. 


Syntax 





bitsadmin /getowner <job> 








Parameters 

PARAMETER DESCRIPTION 

job The job's display name or GUID. 
Examples 


To display the owner for the job named myDownload/ob: 





bitsadmin /getowner myDownloadJob 





Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin getpeercachingflags 


11/2/2020 * 2 minutes to read * Edit Online 





Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 


Retrieves flags that determine if the files of the job can be cached and served to peers, and if BITS can download 


content for the job from peers. 


Syntax 


bitsadmin /getpeercachingflags <job> 


Parameters 
PARAMETER 
job 


Examples 


To retrieve the flags for the job named myDownloadob. 


bitsadmin /getpeercachingflags myDownloadJob 
Additional References 


e Command-Line Syntax Key 


e bitsadmin command 


DESCRIPTION 


The job's display name or GUID. 


bitsadmin getpriority 
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Retrieves the priority of the specified job. 


Syntax 


bitsadmin /getpriority <job> 


Parameters 

PARAMETER DESCRIPTION 

job The job's display name or GUID. 
Output 


The returned priority for this command can be: 
e FOREGROUND 

e HIGH 

e NORMAL 

e LOW 


e UNKNOWN 


Examples 


To retrieve the priority for the job named myDownload/ob: 


bitsadmin /getpriority myDownloadJob 
Additional References 


e Command-Line Syntax Key 


e@ bitsadmin command 


bitsadmin getproxybypasslist 
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Retrieves the proxy bypass list for the specified job. 


Syntax 


bitsadmin /getproxybypasslist <job> 


Parameters 

PARAMETER DESCRIPTION 

job The job's display name or GUID. 
Remarks 


The bypass list contains the host names or IP addresses, or both, that are not to be routed through a proxy. The list 
can contain <local> to refer to all servers on the same LAN. The list can be semicolon (;) or space-delimited. 


Examples 


To retrieve the proxy bypass list for the job named myDownload/ob: 


bitsadmin /getproxybypasslist myDownloadJob 


Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin getproxylist 
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Retrieves the comma-delimited list of proxy servers to use for the specified job. 


Syntax 





bitsadmin /getproxylist <job> 








Parameters 

PARAMETER DESCRIPTION 

job The job's display name or GUID. 
Examples 


To retrieve the proxy list for the job named myDownload/ob: 





bitsadmin /getproxylist myDownloadJob 





Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin getproxyusage 
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Retrieves the proxy usage setting for the specified job. 


Syntax 


bitsadmin /getproxyusage <job> 


Parameters 

PARAMETER DESCRIPTION 

job The job's display name or GUID. 
Output 


The returned proxy usage values can be: 
e Preconfig - Use the owner's Internet Explorer defaults. 
e No_Proxy - Don't use a proxy server. 
e@ Override - Use an explicit proxy list. 


e Autodetect - Automatically detect the proxy settings. 


Examples 


To retrieve the proxy usage for the job named myDownload/ob. 


bitsadmin /getproxyusage myDownloadJob 
Additional References 


e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin getreplydata 
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Retrieves the server's upload-reply data in hexadecimal format for the job. 





NOTE 
This command isn't supported by BITS 1.2 and earlier. 





Syntax 


bitsadmin /getreplydata <job> 





Parameters 


PARAMETER DESCRIPTION 





job The job's display name or GUID. 


Examples 


To retrieve the upload-reply data for the job named myDownload/ob. 





bitsadmin /getreplydata myDownloadJob 





Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin getreplyfilename 
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Gets the path of the file that contains the server upload-reply for the job. 





NOTE 
This command isn't supported by BITS 1.2 and earlier. 





Syntax 


bitsadmin /getreplyfilename <job> 


Parameters 

PARAMETER DESCRIPTION 

job The job's display name or GUID. 
Examples 


To retrieve the upload-reply filename for the job named myDownload/ob. 


bitsadmin /getreplyfilename myDownloadJob 


Additional References 


e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin getreplyprogress 
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Retrieves the size and progress of the server upload-reply. 





NOTE 
This command isn't supported by BITS 1.2 and earlier. 





Syntax 


bitsadmin /getreplyprogress <job> 





Parameters 


PARAMETER DESCRIPTION 





job The job's display name or GUID. 


Examples 


To retrieve the upload-reply progress for the job named myDownloadob. 





bitsadmin /getreplyprogress myDownloadJob 





Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin getsecurityflags 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Reports the HTTP security flags for URL redirection and checks performed on the server certificate during the 
transfer. 


Syntax 


bitsadmin /getsecurityflags <job> 


Parameters 

PARAMETER DESCRIPTION 

job The job's display name or GUID. 
Examples 


To retrieve the security flags from a job named myDownloadob. 


bitsadmin /getsecurityflags myDownloadJob 
Additional References 


e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin getstate 
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Retrieves the state of the specified job. 


Syntax 


bitsadmin /getstate <job> 
Parameters 
PARAMETER 
job 


Output 


The returned output values can be: 


STATE 
Queued 
Connecting 
Transferring 
Transferred 
Suspended 


Error 
Transient Error 


Acknowledged 


Canceled 


Examples 


To retrieve the state for the job named myDownloadob. 


bitsadmin /getstate myDownloadJob 


Additional References 


DESCRIPTION 


The job's display name or GUID. 


DESCRIPTION 


The job is waiting to run. 


BITS is contacting the server. 


BITS is transferring data. 


BITS has successfully transferred all files in the job. 


The job is paused. 


A non-recoverable error occurred; the transfer will not be 
retried. 


A recoverable error occurred; the transfer retries when the 
minimum retry delay expires. 


The job completed. 


The job was canceled. 


e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin gettemporaryname 
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Reports the temporary filename of the given file within the job. 


Syntax 


bitsadmin /gettemporaryname <job> <file index> 


Parameters 
PARAMETER DESCRIPTION 
job The job's display name or GUID. 
file index Starts from 0. 

Examples 


To report the temporary filename of file 2 for the job named myDownload/ob: 


bitsadmin /gettemporaryname myDownloadJob 1 
Additional References 


e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin gettype 
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Retrieves the job type of the specified job. 


Syntax 


bitsadmin /gettype <job> 
Parameters 
PARAMETER 
job 


Output 


The returned output values can be: 


TYPE 
Download 
Upload 
Upload-Reply 


Unknown 
Examples 
To retrieve the job type for the job named myDownload/ob. 


bitsadmin /gettype myDownloadJob 


Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


DESCRIPTION 


The job's display name or GUID. 


DESCRIPTION 


The job is a download. 


The job is an upload. 


The job is an upload-reply. 


The job has an unknown type. 


bitsadmin getvalidationstate 
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Reports the content validation state of the given file within the job. 


Syntax 


bitsadmin /getvalidationstate <job> <file index> 


Parameters 
PARAMETER DESCRIPTION 
job The job's display name or GUID. 
file index Starts from 0. 

Examples 


To retrieve the content validation state of file 2 within the job named myDownload/ob: 


bitsadmin /getvalidationstate myDownloadJob 1 


Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin help 
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Displays help-related information about the bitsadmin command-line parameters and options. 


Syntax 





| bitsadmin /help | /? | 





Examples 


To retrieve the command-line help. 


bitsadmin /help 


Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin info 
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Displays summary information about the specified job. 


Syntax 





bitsadmin /info <job> [/verbose] 














Parameters 

PARAMETER DESCRIPTION 

job The job's display name or GUID. 

/verbose Optional. Provides detailed information about each job. 
Examples 


To retrieve information about the job named myDownloaa/Job: 





bitsadmin /info myDownloadJob 





Additional References 
e Command-Line Syntax Key 


e bitsadmin info 


bitsadmin list 
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Lists the transfer jobs owned by the current user. 


Syntax 


bitsadmin /list [/allusers][/verbose] 


Parameters 
PARAMETER DESCRIPTION 
/allusers Optional. Lists jobs for all users. You must have administrator 
privileges to use this parameter. 
/verbose Optional. Provides detailed information about each job. 
Examples 


To retrieve information about jobs owned by the current user. 


bitsadmin /list 


Additional References 


e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin listfiles 
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Lists the files in the specified job. 


Syntax 





bitsadmin /listfiles <job> 








Parameters 

PARAMETER DESCRIPTION 

job The job's display name or GUID. 
Examples 


To retrieve the list of files for the job named myDownloaa/ob: 





bitsadmin /listfiles myDownloadJob 





Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin makecustomheaderswriteonly 
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Make a job's Custom HTTP Headers write-only. 





IMPORTANT 


This action can't be undone. 





Syntax 


bitsadmin /makecustomheaderswriteonly <job> 


Parameters 

PARAMETER DESCRIPTION 

job The job's display name or GUID. 
Examples 


To make Custom HTTP Headers write-only for the job named myDownload/ob. 


bitsadmin /makecustomheaderswriteonly myDownloadJob 


Additional References 


e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin monitor 
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Monitors jobs in the transfer queue that are owned by the current user. 


Syntax 


bitsadmin /monitor [/allusers] [/refresh <seconds>] 


Parameters 
PARAMETER DESCRIPTION 
/allusers Optional. Monitors jobs for all users. You must have 
administrator privileges to use this parameter. 
/refresh Optional. Refreshes the data at an interval specified by 
<seconds> . The default refresh interval is five seconds. To 
stop the refresh, press CTRL+C. 
Examples 


To monitor the transfer queue for jobs owned by the current user and refreshes the information every 60 seconds. 


bitsadmin /monitor /refresh 60 


Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin nowrap 
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Truncates any line of output text extending beyond the right-most edge of the command window. By default, all 
switches, except the monitor switch, wrap the output. Specify the nowrap switch before other switches. 


Syntax 


bitsadmin /nowrap 


Examples 


To retrieve the state for the job named myDownload/ob while not wrapping the output: 


bitsadmin /nowrap /getstate myDownloadJob 


Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin peercaching 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Lists the /peercaching switches. 


Lists the /peercaching switches. 


Syntax 


bitsadmin /peercaching /help 
bitsadmin /peercaching /setconfigurationflags 
bitsadmin /peercaching /getconfigurationflags 


Parameters 

PARAMETER DESCRIPTION 

bitsadmin peercaching and help Displays the command-line usage for the /peercaching 
switches. 

bitsadmin peercaching and setconfigurationflags Sets the configuration flags that determine if the computer 
can serve content to peers and if it can download content 
from peers. 

bitsadmin peercaching and getconfigurationflags Gets the configuration flags that determine if the computer 
serves content to peers and if it can download content from 
peers. 


Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin peercaching and getconfigurationflags 
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Gets the configuration flags that determine if the computer serves content to peers and if it can download content 
from peers. 


Syntax 


bitsadmin /peercaching /getconfigurationflags <job> 


Parameters 

PARAMETER DESCRIPTION 

job The job's display name or GUID. 
Examples 


To get the configuration flags for the job named myDownload/ob: 


bitsadmin /peercaching /getconfigurationflags myDownloadJob 


Additional References 
e Command-Line Syntax Key 
e bitsadmin command 


e bitsadmin peercaching command 


bitsadmin peercaching and help 
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Displays the command-line usage for the /peercaching switches. 


Syntax 





| bitsadmin /peercaching /help | 





Examples 


To display the command-line help for the /peercaching switches: 


bitsadmin /peercaching /help 


Additional References 
e Command-Line Syntax Key 
e bitsadmin command 


e bitsadmin peercaching command 


bitsadmin peercaching and setconfigurationflags 
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Sets the configuration flags that determine if the computer can serve content to peers and if it can download 
content from peers. 


Syntax 


bitsadmin /peercaching /setconfigurationflags <job> <value> 


Parameters 
PARAMETER DESCRIPTION 
job The job's display name or GUID. 
value An unsigned integer with the following interpretation for the 
bits in the binary representation: 
e To allow the job's data to be downloaded from a peer, 
set the least significant bit. 
e To allow the job's data to be served to peers, set the 
second bit from the right. 
Examples 


To specify the job's data to be downloaded from peers for the job named myDownload/ob: 


bitsadmin /peercaching /setconfigurationflags myDownloadJob 1 


Additional References 


e Command-Line Syntax Key 
e bitsadmin command 


e bitsadmin peercaching command 


bitsadmin peers 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Lists the available /peers switches. 


Lists the available /peers switches. 


bitsadmin /peers /help 
bitsadmin /peers /discover 
bitsadmin /peers /clear 
bitsadmin /peers /list 


Parameters 
PARAMETER DESCRIPTION 
bitsadmin peers and help Displays the command-line usage for the /peers switches. 
bitsadmin peers and discover Discovers peers again. 
bitsadmin peers and clear Clears the peers list. 
bitsadmin peers and list Lists all peers. 


Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin peers and clear 
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Clears the peer list. 


Syntax 





| bitsadmin /peers /clear | 





Examples 


To clears the peer list. 


bitsadmin /peers /clear 


Additional References 
e Command-Line Syntax Key 
e bitsadmin command 


e bitsadmin peers command 


bitsadmin peers and discover 
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Discovers peers again. 


Syntax 





| bitsadmin /peers /discover | 





Examples 


To discover peers again: 


bitsadmin /peers /discover 


Additional References 
e Command-Line Syntax Key 
e bitsadmin command 


e bitsadmin peers command 


bitsadmin peers and help 
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Displays the command-line usage for the /peers switches. 


Syntax 





| bitsadmin /peers /help | 





Examples 


To display the command-line usage for the /peers switches: 


bitsadmin /peers /help 


Additional References 
e Command-Line Syntax Key 
e bitsadmin command 


e bitsadmin peers command 


bitsadmin peers and list 
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Lists all peers. 


Syntax 





| bitsadmin /peers /list | 





Examples 


To list all peers: 


bitsadmin /peers /list 


Additional References 
e Command-Line Syntax Key 
e bitsadmin command 


e bitsadmin peers command 


bitsadmin rawreturn 
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Returns data suitable for parsing. Typically, you use this command in conjunction with the /create and /get* 
switches to receive only the value. You must specify this switch before other switches. 





NOTE 


This command strips newline characters and formatting from the output. 





Syntax 


bitsadmin /rawreturn 


Examples 


To retrieve the raw data for the state of the job named myDownloadob. 


bitsadmin /rawreturn /getstate myDownloadJob 


Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin removeclientcertificate 
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Removes the client certificate from the job. 


Syntax 





bitsadmin /removeclientcertificate <job> 








Parameters 

PARAMETER DESCRIPTION 

job The job's display name or GUID. 
Examples 


To remove the client certificate from the job named myDownload/ob. 





bitsadmin /removeclientcertificate myDownloadJob 





Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin removecredentials 
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Removes credentials from a job. 





NOTE 
This command isn't supported by BITS 1.2 and earlier. 





Syntax 


bitsadmin /removecredentials <job> <target> <scheme> 


Parameters 


PARAMETER DESCRIPTION 
job The job's display name or GUID. 
target Use either SERVER or PROXY. 


scheme Use one of the following: 

e BASIC. Authentication scheme where the user name 
and password are sent in clear-text to the server or 
proxy. 

e DIGEST. A challenge-response authentication scheme 
that uses a server-specified data string for the 
challenge. 

e NTLM. A challenge-response authentication scheme 
that uses the credentials of the user for authentication 
in a Windows network environment. 

e NEGOTIATE (also known as the Simple and 
Protected Negotiation protocol). A challenge- 
response authentication scheme that negotiates with 
the server or proxy to determine which scheme to use 
for authentication. Examples are the Kerberos protocol 
and NTLM. 

e PASSPORT. A centralized authentication service 
provided by Microsoft that offers a single logon for 
member sites. 


Examples 


To remove credentials from the job named myDownload/ob: 


bitsadmin /removecredentials myDownloadJob SERVER BASIC 


Additional References 


e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin replaceremoteprefix 
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Changes the remote URL for all files in the job from o/dprefixto newprefix, as necessary. 


Syntax 


bitsadmin /replaceremoteprefix <job> <oldprefix> <newprefix> 


Parameters 
PARAMETER DESCRIPTION 
job The job's display name or GUID. 
oldprefix Existing URL prefix. 
newprefix New URL prefix. 
Examples 


To change the remote URL for all files in job named myDownload/ob, from http,//stageserver to http.//prodserver. 


bitsadmin /replaceremoteprefix myDownloadJob http://stageserver http://prodserver 


Additional information 


e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin reset 
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Cancels all jobs in the transfer queue owned by the current user. You can't reset jobs created by Local System. 
Instead, you must be an administrator and use the task scheduler to schedule this command as a task using the 
Local System credentials. 





NOTE 


If you have administrator privileges in BITSAdmin 1.5 and earlier, the /reset switch will cancel all the jobs in the queue. 
Additionally, the /allusers option isn't supported. 





Syntax 


bitsadmin /reset [/allusers] 


Parameters 
PARAMETER DESCRIPTION 
/allusers Optional. Cancels all jobs in the queue owned by the current 
user. You must have administrator privileges to use this 
parameter. 
Examples 


To cancel all the jobs in the transfer queue for the current user. 


bitsadmin /reset 


Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin resume 
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Activates a new or suspended job in the transfer queue. If you resumed your job by mistake, or simply need to 
suspend your job, you can use the bitsadmin suspend switch to suspend the job. 


Syntax 


bitsadmin /resume <job> 
Parameters 
PARAMETER 
job 


Examples 


To resume the job named myDownload/ob. 


bitsadmin /resume myDownloadJob 


Additional References 


e Command-Line Syntax Key 
e bitsadmin suspend command 


e bitsadmin command 


DESCRIPTION 


The job's display name or GUID. 


bitsadmin setaclflag 
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Sets the access control list (ACL) propagations flags for the job. The flags indicate that you want to maintain the 
owner and ACL information with the file being downloaded. For example, to maintain the owner and group with 
the file, set the flags parameter to og. 


Syntax 


bitsadmin /setaclflag <job> <flags> 


Parameters 
PARAMETER DESCRIPTION 
job The job's display name or GUID. 
flags Specify one or more of the values, including: 
e o - Copy owner information with file. 
© g - Copy group information with file. 
© d - Copy discretionary access control list (DACL) 
information with file. 
© s - Copy system access control list (SACL) information 
with file. 
Examples 


To set the access control list propagation flags for the job named myDownload/ob, so it maintains the owner and 
group information with the downloaded files. 


bitsadmin /setaclflags myDownloadJob og 
Additional References 


e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin setclientcertificatebyid 
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Specifies the identifier of the client certificate to use for client authentication in an HTTPS (SSL) request. 


Syntax 


bitsadmin /setclientcertificatebyid <job> <store location> <store name> <hexadecimal cert id> 


Parameters 

PARAMETER DESCRIPTION 

job The job's display name or GUID. 

store location Identifies the location of a system store to use for looking up 
the certificate, including: 
e CURRENT USER 
e LOCAL MACHINE 
e CURRENT SERVICE 
e SERVICES 
e USERS 
e CURRENT_USER_GROUP_POLICY 
e LOCAL_MACHINE_GROUP_POLICY 
e LOCAL MACHINE ENTERPRISE. 

store name The name of the certificate store, including: 
e CA (Certification Authority certificates) 
e MY (Personal certificates) 
e ROOT (Root certificates) 
e SPC (Software Publisher Certificate). 

hexadecimal cert id A hexadecimal number representing the hash of the 
certificate. 

Examples 


To specify the identifier of the client certificate to use for client authentication in an HTTPS (SSL) request for the job 


named myDownloadob: 


bitsadmin /setclientcertificatebyid myDownloadJob BG CERT STORE LOCATION CURRENT USER MY 


A106B52356D3FBCD1853A41B619358BD 


Additional References 


e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin setclientcertificatebyname 
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Specifies the subject name of the client certificate to use for client authentication in an HTTPS (SSL) request. 


Syntax 


bitsadmin /setclientcertificatebyname <job> <store location> <store name> <subject name> 


Parameters 

PARAMETER DESCRIPTION 

job The job's display name or GUID. 

store location Identifies the location of a system store to use for looking up 
the certificate. Possible values indude: 
e 1 (CURRENT USER) 
e 2 (LOCAL MACHINE) 
e 3 (CURRENT SERVICE) 
© 4 (SERVICES) 
e@ 5 (USERS) 
e 6 (CURRENT USER GROUP POLICY) 
e 7 (LOCAL MACHINE GROUP POLICY) 
e 8 (LOCAL MACHINE ENTERPRISE) 

store name The name of the certificate store. Possible values include: 
© CA (Certification Authority certificates) 
e MY (Personal certificates) 
e ROOT (Root certificates) 
e SPC (Software Publisher Certificate) 

subject_name Name of the certificate. 

Examples 


To specify the name of the client certificate myCertificate to use for client authentication in an HTTPS (SSL) request 


for the job named myDownload/ob: 


bitsadmin /setclientcertificatebyname myDownloadJob 1 MY myCertificate 


Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin setcredentials 
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Adds credentials to a job. 





NOTE 
This command isn't supported by BITS 1.2 and earlier. 





Syntax 


bitsadmin /setcredentials <job> <target> <scheme> <username> <password> 


Parameters 


PARAMETER DESCRIPTION 
job The job's display name or GUID. 
target Use either SERVER or PROXY. 


scheme Use one of the following: 

e BASIC. Authentication scheme where the user name 
and password are sent in clear-text to the server or 
proxy. 

e DIGEST. A challenge-response authentication scheme 
that uses a server-specified data string for the 
challenge. 

e NTLM. A challenge-response authentication scheme 
that uses the credentials of the user for authentication 
in a Windows network environment. 

e NEGOTIATE (also known as the Simple and 
Protected Negotiation protocol). A challenge- 
response authentication scheme that negotiates with 
the server or proxy to determine which scheme to use 
for authentication. Examples are the Kerberos protocol 
and NTLM. 

e PASSPORT. A centralized authentication service 
provided by Microsoft that offers a single logon for 
member sites. 


user_name The name of the user. 


password The password associated with the provided Username. 


Examples 


To add credentials to the job named myDownloadJob: 


bitsadmin /setcredentials myDownloadJob SERVER BASIC Edward password2Ø 


Additional References 


e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin setcustomheaders 
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Add a custom HTTP header to a GET request sent to an HTTP server. For more information about GET requests, see 
Method Definitions and Header Field Definitions. 


Syntax 


bitsadmin /setcustomheaders <job> <header1> <header2> <...> 


Parameters 
PARAMETER DESCRIPTION 
job The job's display name or GUID. 
<header1> <header2> and so on The custom headers for the job. 
Examples 


To add a custom HTTP header for the job named myDownload/ob: 
bitsadmin /setcustomheaders myDownloadJob accept-encoding:deflate/gzip 


Additional References 


e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin setdescription 
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Sets the description for the specified job. 


Syntax 





bitsadmin /setdescription <job> <description> 











Parameters 
PARAMETER DESCRIPTION 
job The job's display name or GUID. 
description Text used to describe the job. 
Examples 


To retrieve the description for the job named myDownload/ob: 





bitsadmin /setdescription myDownloadJob music downloads 





Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin setdisplayname 
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Sets the display name for the specified job. 


Syntax 


bitsadmin /setdisplayname <job> <display_name> 


Parameters 

PARAMETER DESCRIPTION 

job The job's display name or GUID. 

display_name Text used as the displayed name for the specific job. 
Examples 


To set the display name for the job to myDownloadob. 


bitsadmin /setdisplayname myDownloadJob 
Additional References 


e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin sethelpertoken 
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Sets the current command prompt's primary token (or an arbitrary local user account's token, if specified) as a 
BITS transfer job's helper token. 





NOTE 


This command isn't supported by BITS 3.0 and earlier. 





Syntax 


bitsadmin /sethelpertoken <job> [<user_name@domain> <password>] 


Parameters 
PARAMETER DESCRIPTION 
job The job's display name or GUID. 
<username@domain> <password> Optional. The local user account credentials for which token to 


use. 


Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin sethelpertokenflags 
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Sets the usage flags for a helper token that is associated with a BITS transfer job. 





NOTE 
This command isn't supported by BITS 3.0 and earlier. 





Syntax 


bitsadmin /sethelpertokenflags <job> <flags> 


Parameters 
PARAMETER DESCRIPTION 
job The job's display name or GUID. 
flags Possible helper token values, including: 


e 0x0001. Used to open the local file of an upload job, 
to create or rename the temporary file of a download 
job, or to create or rename the reply file of an upload- 
reply job. 

© 0x0002. Used to open the remote file of a Server 
Message Block (SMB) upload or download job, or in 
response to an HTTP server or proxy challenge for 
implicit NTLM or Kerberos credentials. 


You must call 
/setcredentialsjob targetscheme null null to send the 
credentials over HTTP. 


Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin sethttomethod 
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Sets the HTTP verb to use. 


Syntax 





bitsadmin /sethttpmethod <job> <httpmethod> 











Parameters 
PARAMETER DESCRIPTION 
job The job's display name or GUID. 
httpmethod The HTTP verb to use. For information about available verbs, 


see Method Definitions. 


Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin setmaxdownloadtime 
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Sets the download timeout in seconds. 


Syntax 


bitsadmin /setmaxdownloadtime <job> <timeout> 


Parameters 

PARAMETER DESCRIPTION 

job The job's display name or GUID. 

timeout The length for the download timeout, in seconds. 
Examples 


To set the timeout for the job named myDownload/ob to 10 seconds. 


bitsadmin /setmaxdownloadtime myDownloadJob 16 


Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin setminretrydelay 
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Sets the minimum length of time, in seconds, that BITS waits after encountering a transient error before trying to 
transfer the file. 


Syntax 


bitsadmin /setminretrydelay <job> <retrydelay> 


Parameters 
PARAMETER DESCRIPTION 
job The job's display name or GUID. 
retrydelay Minimum length of time for BITS to wait after an error during 
transfer, in seconds. 
Examples 


To set the minimum retry delay to 35 seconds for the job named myDownload/ob. 


bitsadmin /setminretrydelay myDownloadJob 35 


Additional References 


e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin setnoprogresstimeout 


11/2/2020 * 2 minutes to read * Edit Online 





Sets the length of time, in seconds, that BITS tries to transfer the file after the first transient error occurs. 


Syntax 


bitsadmin /setnoprogresstimeout <job> <timeoutvalue> 


Parameters 
PARAMETER DESCRIPTION 
job The job's display name or GUID. 
timeoutvalue The length of time that BITS waits to transfer a file after the 
first error, in seconds. 
Remarks 


e The "no progress" timeout interval begins when the job encounters its first transient error. 
e The timeout interval stops or resets when a byte of data is successfully transferred. 


e Ifthe "no progress" timeout interval exceeds the timeoutvalue then the job is placed in a fatal error state. 


Examples 


To set the "no progress" timeout value to 20 seconds, for the job named myDownload/ob. 


bitsadmin /setnoprogresstimeout myDownloadJob 29 


Additional References 


e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin setnotifycmdline 
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Sets the command-line command that runs after the job finishes transferring data or after a job enters a specified 
state. 





NOTE 


This command isn't supported by BITS 1.2 and earlier. 





Syntax 


bitsadmin /setnotifycmdline <job> <program name> [program parameters] 


Parameters 
PARAMETER DESCRIPTION 
job The job's display name or GUID. 
program name Name of the command to run when the job completes. You 
can set this value as NULL, but if you do, program parameters 
must also be set to NULL. 
program parameters Parameters that you want to pass to program name. You can 
set this value as NULL. If program parameters isn't set to 
NULL, then the first parameter in program parameters must 
match the program name. 
Examples 


To run Notepad.exe at the completion of the job named myDownload/ob. 
bitsadmin /setnotifycmdline myDownloadJob c:\winnt\system32\notepad.exe NULL 

To show the EULA text in Notepad.exe, at the completion of the job named myDownloadJob: 
bitsadmin /setnotifycmdline myDownloadJob c:\winnt\system32\notepad.exe notepad c:\eula.txt 


Additional References 


e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin setnotifyflags 
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Sets the event notification flags for the specified job. 


Syntax 


bitsadmin /setnotifyflags <job> <notifyflags> 


Parameters 
PARAMETER DESCRIPTION 
job The job's display name or GUID. 
notifyflags Can include one or more of the following notification flags, 
including: 
e 1. Generates an event when all files in the job have 
been transferred. 
e 2. Generates an event when an error occurs. 
© 3. Generates an event when all files have completed 
transfer or when an error occurs. 
e 4. Disables notifications. 
Examples 


To set the notification flags to generate an event when an error occurs, for a job named myDownloadob. 


bitsadmin /setnotifyflags myDownloadJob 2 


Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin setpeercachingflags 
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Sets flags that determine if the files of the job can be cached and served to peers and if the job can download 
content from peers. 


Syntax 


bitsadmin /setpeercachingflags <job> <value> 


Parameters 
PARAMETER DESCRIPTION 
job The job's display name or GUID. 
value An unsigned integer, including: 
e 1. The job can download content from peers. 
e 2. The files of the job can be cached and served to 
peers. 
Examples 


To allow the job named myDownloadJob to download content from peers: 


bitsadmin /setpeercachingflags myDownloadJob 1 
Additional References 


e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin setpriority 
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Sets the priority of the specified job. 


Syntax 


bitsadmin /setpriority <job> <priority> 


Parameters 
PARAMETER DESCRIPTION 
job The job's display name or GUID. 
priority Sets the priority of the job, including: 
e FOREGROUND 
e HIGH 
e NORMAL 
e LOW 
Examples 


To set the priority for the job named myDownload/ob to normal: 


bitsadmin /setpriority myDownloadJob NORMAL 


Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin setproxysettings 
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Sets the proxy settings for the specified job. 


Syntax 


bitsadmin /setproxysettings <job> <usage> [list] [bypass] 


Parameters 


PARAMETER DESCRIPTION 
job The job's display name or GUID. 


usage Sets the proxy usage, including: 
e PRECONFIG. Use the owner's Internet Explorer 
defaults. 
e NO PROXY. Dont use a proxy server. 
© OVERRIDE. Use an explicit proxy list and bypass list. 
The proxy list and proxy bypass information must 
follow. 


e AUTODETECT. Automatically detects proxy settings. 


list Used when the Usage parameter is set to OVERRIDE. Must 
contain a comma-delimited list of proxy servers to use. 


bypass Used when the Usage parameter is set to OVERRIDE. Must 
contain a space-delimited list of host names or IP addresses, 
or both, for which transfers are not to be routed through a 
proxy. This can be <local> to refer to all servers on the 
same LAN. Values of NULL may be used for an empty proxy 
bypass list. 


Examples 


To set the proxy settings using the various usage options for the job named myDownload/ob: 


bitsadmin /setproxysettings myDownloadJob PRECONFIG 
bitsadmin /setproxysettings myDownloadJob NO PROXY 
bitsadmin /setproxysettings myDownloadJob OVERRIDE proxy1:80 


bitsadmin /setproxysettings myDownloadJob OVERRIDE proxy1,proxy2,proxy3 NULL 


Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin setreplyfilename 
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Specifies the path of the file that contains the server upload-reply. 





NOTE 
This command isn't supported by BITS 1.2 and earlier. 





Syntax 


bitsadmin /setreplyfilename <job> <file path> 


Parameters 

PARAMETER DESCRIPTION 

job The job's display name or GUID. 

file path Location to put the server upload-reply. 
Examples 


To set the upload-reply filename file path for the job named myDownload/ob: 


bitsadmin /setreplyfilename myDownloadJob c:\upload-reply 
Additional References 


e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin setsecurityflags 
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Sets security flags for HTTP to determine if BITS should check the certificate revocation list, ignore certain 
certificate errors, and define the policy to use when a server redirects the HTTP request. The value is an unsigned 
integer. 


Syntax 


bitsadmin /setsecurityflags <job> <value> 


Parameters 


PARAMETER DESCRIPTION 
job The job's display name or GUID. 


value Can include one or more of the following notification flags, 

including: 

© Set the least significant bit to enable CRL Check. 

e Set the 2nd bit from the right to ignore incorrect 
common names in the server certificate. 

e Set the 3rd bit from the right to ignore incorrect dates 
in the server certificate. 

e Set the 4th bit from the right to ignore incorrect 
certification authorities in the server certificate. 

© Set the 5th bit from the right to ignore incorrect usage 
of the server certificate. 

e Set the 9th through the 11th bits from the right to 
implement your specified redirection policy, including: 
° 0,0,0. Redirects are automatically allowed. 
o 0,0,1. Remote name in the 

IBackgroundCopyFile interface is updated if 
a redirect occurs. 

o 0,1,0. BITS fails the job if a redirect occurs. 

e Set the 12th bit from the right to allow redirection 
from HTTPS to HTTP. 


Examples 


To set the security flags to enable a CRL check for the job named myDownload/ob: 


bitsadmin /setsecurityflags myDownloadJob @0x0001 


Additional References 


e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin setvalidationstate 
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Sets the content validation state of the given file within the job. 


Syntax 


bitsadmin /setvalidationstate <job> <file_index> <TRUE|FALSE> 


Parameters 
PARAMETER DESCRIPTION 
Job The job's display name or GUID. 
file_index Starts at 0. 
TRUE or FALSE TRUE turns on content validation for the specified file, while 
FALSE turns it off 
Examples 


To set the content validation state of file 2 to TRUE for the job named myDownload/ob. 


bitsadmin /setvalidationstate myDownloadJob 2 TRUE 


Additional References 


e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin suspend 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 


Suspends the specified job. If you suspended your job by mistake, you can use the bitsadmin resume switch to 


restart the job. 


Syntax 


bitsadmin /suspend <job> 
Parameters 
PARAMETER 
job 


Example 


To suspend the job named myDownload/ob. 


bitsadmin /suspend myDownloadJob 


Additional References 
e Command-Line Syntax Key 
e bitsadmin resume command 


e bitsadmin command 


DESCRIPTION 


The job's display name or GUID. 


bitsadmin takeownership 
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Lets a user with administrative privileges take ownership of the specified job. 


Syntax 





bitsadmin /takeownership <job> 








Parameters 

PARAMETER DESCRIPTION 

job The job's display name or GUID. 
Examples 


To take ownership of the job named myDownload/ob. 





bitsadmin /takeownership myDownloadJob 





Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin transfer 
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Transfers one or more files. By default, the BITSAdmin service creates a download job that runs at NORMAL 
priority and updates the command window with progress information until the transfer is complete or until a 
critical error occurs, 


The service completes the job if it successfully transfers all the files and cancels the job if a critical error occurs. The 
service does not create the job if it is unable to add files to the job or if you specify an invalid value for type or 
Job_priority. To transfer more than one file, specify multiple <RemoteFileName>-<LocalFileName> pairs. The pairs 
must be space-delimited. 





NOTE 


The BITSAdmin command continues to run if a transient error occurs. To end the command, press CTRL+C. 





Syntax 


bitsadmin /transfer <name> [<type>] [/priority <job_priority>] [/ACLflags <flags>] [/DYNAMIC] <remotefilename> 


<localfilename> 
Parameters 

PARAMETER DESCRIPTION 

name The name of the job. This command can't be a GUID. 

type Optional. Sets the type of job, including: 
e /DOWNLOAD. The default value. Choose this type for 

download jobs. 

e /UPLOAD. Choose this type for upload jobs. 

priority Optional. Sets the priority of the job, including: 
e FOREGROUND 
e HIGH 
e NORMAL 
e LOW 

ACLflags Optional. Indicates that you want to maintain the owner and 


ACL information with the file being downloaded. Specify one 

or more of the values, including: 

e o - Copy owner information with file. 

© g - Copy group information with file. 

© d - Copy discretionary access control list (DACL) 
information with file. 


© s - Copy system access control list (SACL) information 
with file. 


PARAMETER DESCRIPTION 


/DYNAMIC Configures the job using 
BITS JOB PROPERTY DYNAMIC CONTENT, which 
relaxes the server-side requirements. 


remotefilename The name of the file after it's transferred to the server. 
localfilename The name of the file that resides locally. 
Examples 


To start a transfer job named myDownload/ob. 


bitsadmin /transfer myDownloadJob http://prodserver/audio.wma c:\downloads\audio.wma 


Additional References 


e Command-Line Syntax Key 


e bitsadmin command 


bitsadmin util 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 


Lists the /util switches. 
Lists the util switches. 


Syntax 


bitsadmin /util /help 
bitsadmin /util /getieproxy 
bitsadmin /util /repairservice 
bitsadmin /util /setieproxy 
bitsadmin /util /version 


Parameters 
PARAMETER 


bitsadmin util and help 


bitsadmin util and getieproxy 
bitsadmin util and repairservice 


bitsadmin util and setieproxy 


bitsadmin util and version 


Additional References 
e Command-Line Syntax Key 


e bitsadmin command 


DESCRIPTION 


Displays the command-line usage for the /Util switches. You 
can also specify /?. 


Retrieves the proxy usage for the given service account. 


Repairs known issues with BITS service. 


Specifies proxy settings to use when transferring files using a 
service account. 


Displays the version of the BITS service. 


bitsadmin util and enableanalyticchannel 
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Enables or disables the BITS client analytic channel. 


Syntax 





bitsadmin /util /enableanalyticchannel TRUE |FALSE 





PARAMETER DESCRIPTION 





TRUE or FALSE TRUE turns on content validation for the specified file, while 
FALSE turns it off. 


Examples 


To turn the BITS client analytic channel on or off. 





bitsadmin /util / enableanalyticchannel TRUE 





Additional References 
e Command-Line Syntax Key 
e bitsadmin util command 


e bitsadmin command 


bitsadmin util and getieproxy 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Retrieves the proxy usage for the given service account. This command shows the value for each proxy usage, not 
just the proxy usage you specified for the service account. For details about setting the proxy usage for specific 
service accounts, see the bitsadmin util and setieproxy command. 


Syntax 


bitsadmin /util /getieproxy <account> [/conn <connectionname> ] 


Parameters 
PARAMETER DESCRIPTION 
account Specifies the service account whose proxy settings you want 
to retrieve. Possible values include: 
e LOCALSYSTEM 
e NETWORKSERVICE 
e LOCALSERVICE. 
connectionname Optional. Used with the /conn parameter to specify which 
modem connection to use. If you don't specify the /conn 
parameter, BITS uses the LAN connection. 
Examples 


To display the proxy usage for the NETWORK SERVICE account: 


bitsadmin /util /getieproxy NETWORKSERVICE 


Additional References 
e Command-Line Syntax Key 
e bitsadmin util command 


e bitsadmin command 


bitsadmin util and help 
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Displays the command-line usage for the /util switches. 


Syntax 





| bitsadmin /util /help | 





Examples 


To display the command-line help for the /util switches: 


bitsadmin /util /help 


Additional References 
e Command-Line Syntax Key 
e bitsadmin util command 


e@ bitsadmin command 


bitsadmin util and repairser vice 
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If BITS fails to start, this switch attempts to resolve errors related to incorrect service configuration and 
dependencies on Windows services (such as LANManworkstation) and the network directory. This switch also 
generates output that indicates if the issues that were resolved. 





NOTE 
This command isn't supported by BITS 1.5 and earlier. 





Syntax 


bitsadmin /util /repairservice [/force] 


Parameters 
PARAMETER DESCRIPTION 
/force Optional. Deletes and creates the service again. 





NOTE 


If BITS creates the service again, the service description string might be set to English even in a localized system. 





Examples 


To repair the BITS service configuration: 


bitsadmin /util /repairservice 


Additional References 


e Command-Line Syntax Key 
e bitsadmin util command 


e bitsadmin command 


bitsadmin util and setieproxy 
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Set the proxy settings to use when transferring files using a service account. You must run this command from an 
elevated command prompt for it to complete successfully. 





NOTE 


This command isn't supported by BITS 1.5 and earlier. 





Syntax 


bitsadmin /util /setieproxy <account> <usage> [/conn <connectionname> ] 


Parameters 

PARAMETER DESCRIPTION 

account Specifies the service account whose proxy settings you want 
to define. Possible values include: 
e LOCALSYSTEM 
e NETWORKSERVICE 
e LOCALSERVICE. 

usage Specifies the form of proxy detection to use. Possible values 


include: 

e NO PROXY. Dont use a proxy server. 

e AUTODETECT. Automatically detect the proxy 
settings. 

e MANUAL PROXY. Use a specified proxy list and 
bypass list. You must specify your lists immediately 
after the usage tag. For example, 

MANUAL_PROXY proxy1,proxy2 NULL . 


© Proxy list. A comma-delimited list of proxy 
servers to use. 

° Bypass list. A space-delimited list of host 
names or IP addresses, or both, for which 
transfers are not to be routed through a proxy. 
This can be <local> to refer to all servers on 
the same LAN. Values of NULL or may be used 
for an empty proxy bypass list. 

e AUTOSCRIPT. Same as AUTODETECT, except it also 
runs a script. You must specify the script URL 
immediately after the usage tag. For example, 

AUTOSCRIPT http://server/proxy.js . 


© RESET. Same as NO_PROXY, except it removes the 
manual proxy URLs (if specified) and any URLs 
discovered using automatic detection. 


PARAMETER DESCRIPTION 


connectionname Optional. Used with the /conn parameter to specify which 
modem connection to use. If you don't specify the /conn 
parameter, BITS uses the LAN connection. 


Remarks 


Each successive call using this switch replaces the previously specified usage, but not the parameters of the 
previously defined usage. For example, if you specify NO PROXY, AUTODETECT, and MANUAL PROXY on 
separate calls, BITS uses the last supplied usage, but keeps the parameters from the previously defined usage. 


Examples 


To set the proxy usage for the LOCALSYSTEM account: 


bitsadmin /util /setieproxy localsystem AUTODETECT 
bitsadmin /util /setieproxy localsystem MANUAL PROXY proxyl,proxy2,proxy3 NULL 


bitsadmin /util /setieproxy localsystem MANUAL PROXY proxyl:8Ø 


Additional References 


e Command-Line Syntax Key 
e bitsadmin util command 


e bitsadmin command 


bitsadmin util and version 
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Displays the version of BITS service (for example, 2.0). 





NOTE 
This command isn't supported by BITS 1.5 and earlier. 





Syntax 





bitsadmin /util /version [/verbose] 





Parameters 
PARAMETER DESCRIPTION 
/verbose Use this switch to display the file version for each BITS-related 
DLL and to verify whether the BITS service can start. 
Examples 


To display the version of the BITS Service. 





bitsadmin /util /version 





Additional References 
e Command-Line Syntax Key 
e bitsadmin util command 


e bitsadmin command 


bitsadmin wrap 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Wraps any line of output text extending beyond the rightmost edge of the command window to the next line. You 
must specify this switch before any other switches. 


By default, all switches except the bitsadmin monitor switch, wrap the output text. 


Syntax 


bitsadmin /wrap <job> 


Parameters 

PARAMETER DESCRIPTION 

job The job's display name or GUID. 
Examples 


To retrieve information for the job named myDownload/ob and wrap the output text: 


bitsadmin /wrap /info myDownloadJob /verbose 


Additional References 


e Command-Line Syntax Key 


e bitsadmin command 


bootcfg 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Configures, queries, or changes Boot.ini file settings. 


Syntax 


bootcfg <parameter> [arguments...] 


Parameters 

PARAMETER DESCRIPTION 

bootcfg addsw Adds operating system load options for a specified operating 
system entry. 

bootcfg copy Makes a copy of an existing boot entry, to which you can add 
command-line options. 

bootcfg dbg1394 Configures 1394 port debugging for a specified operating 
system entry. 

bootcfg debug Adds or changes the debug settings for a specified operating 
system entry. 

bootcfg default Specifies the operating system entry to designate as the 
default. 

bootcfg delete Deletes an operating system entry in the [operating systems] 
section of the Boot.ini file. 

bootcfg ems Enables the user to add or change the settings for redirection 
of the Emergency Management Services console to a remote 
computer. 

bootcfg query Queries and displays the [boot loader] and [operating 
systems] section entries from Boot.ini. 

bootcfg raw Adds operating system load options specified as a string to 
an operating system entry in the [operating systems] section 
of the Boot.ini file. 

bootcfg rmsw Removes operating system load options for a specified 


operating system entry. 


bootcfg timeout Changes the operating system time-out value. 


bootcfg addsw 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 


Adds operating system load options for a specified operating system entry. 


Syntax 


bootcfg /addsw [/s <computer> [/u <domain>\<user> /p <password>]] [/mm <maximumram>] [/bv] [/so] [/ng] /id 


<osentrylinenum> 


Parameters 


TERM 


/s <computer> 


/u <domain>\<user> 


/p <password> 


/mm <maximumram> 


/bv 


/so 


/ng 


/id <osentrylinenum> 


f 


DEFINITION 


Specifies the name or IP address of a remote computer (don't 
use backslashes). The default is the local computer. 


Runs the command with the account permissions of the user 
specified by <user> or <domain>\<user> . The default is the 
permissions of the current logged on user on the computer 
issuing the command. 


Specifies the password of the user account that is specified in 
the /u parameter. 


Specifies the maximum amount of RAM, in megabytes, that 
the operating system can use. The value must be equal to or 
greater than 32 Megabytes. 


Adds the /basevideo option to the specified 
<osentrylinenum> , directing the operating system to use 
standard VGA mode for the installed video driver. 


Adds the /sos option to the specified <osentrylinenum> , 
directing the operating system to display device driver names 
while they are being loaded. 


Adds the /noguiboot option to the specified 
<osentrylinenum> , disabling the progress bar that appears 
before the CTRL+ALT+DEL logon prompt. 


Specifies the operating system entry line number in the 
[operating systems] section of the Boot.ini file to which the 
operating system load options are added. The first line after 
the [operating systems] section header is 1. 


Displays help at the command prompt. 


Examples 


To use the bootcfg /addsw command: 


bootcfg /addsw /mm 64 /id 2 

bootcfg /addsw /so /id 3 

bootcfg /addsw /so /ng /s srvmain /u hiropln /id 2 

bootcfg /addsw /ng /id 2 

bootcfg /addsw /mm 96 /ng /s srvmain /u maindom\hiropln /p p@ssW23 /id 2 


Additional References 


e Command-Line Syntax Key 


e bootcfg command 


bootcfg copy 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Makes a copy of an existing boot entry, to which you can add command-line options. 


Syntax 


bootcfg /copy [/s <computer> [/u <domain>\<user> /p <password>]] [/d <description>] [/id <osentrylinenum>] 


Parameters 
PARAMETER DESCRIPTION 

/s <computer> Specifies the name or IP address of a remote computer (don't 
use backslashes). The default is the local computer. 

/u <domain>\<user> Runs the command with the account permissions of the user 
specified by <user> or <domain>\<user> . The default is the 
permissions of the current logged on user on the computer 
issuing the command. 

/p <password> Specifies the password of the user account that is specified in 
the /u parameter. 

/d <description> Specifies the description for the new operating system entry. 

/id <osentrylinenum> Specifies the operating system entry line number in the 
[operating systems] section of the Boot.ini file to which the 
operating system load options are added. The first line after 
the [operating systems] section header is 1. 

/? Displays help at the command prompt. 
Examples 


To copy boot entry 1 and enter \ABC Server\ as the description: 


bootcfg /copy /d \ABC Server\ /id 1 


Additional References 


e Command-Line Syntax Key 


e bootcfg command 


bootcfg dbg1394 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Configures 1394 port debugging for a specified operating system entry. 


Syntax 


bootcfg /dbg1394 {on | off}[/s <computer> [/u <domain>\<user> /p <password>]] [/ch <channel>] /id 


<osentrylinenum> 
Parameters 
PARAMETER DESCRIPTION 

{on | off} Specifies the value for 1394 port debugging, including: 

e on. Enables remote debugging support by adding the 
/dbg1394 option to the specified <osentrylinenum> . 

e off. Disables remote debugging support by removing 
the /dbg1394 option from the specified . 

/s <computer> Specifies the name or IP address of a remote computer (don't 
use backslashes). The default is the local computer. 

/u <domain>\<user> Runs the command with the account permissions of the user 
specified by <user> or <domain>\<user> . The default is the 
permissions of the current logged on user on the computer 
issuing the command. 

/p <password> Specifies the password of the user account that is specified in 
the /u parameter. 

/ch <channel> Specifies the channel to use for debugging. Valid values 
include integers, between 1 and 64. Don't use this parameter 
if 1394 port debugging is disabled. 

/id <osentrylinenum> Specifies the operating system entry line number in the 
[operating systems] section of the Boot.ini file to which the 
operating system load options are added. The first line after 
the [operating systems] section header is 1. 

R Displays help at the command prompt. 
Examples 


To use the bootcfg /dbg1394command: 


bootcfg /dbg1394 /id 2 

bootcfg /dbg1394 on /ch 1 /id 3 

bootcfg /dbg1394 edit /ch 8 /id 2 

bootcfg /s srvmain /u maindom\hiropln /p p@ssW23 /dbg1394 off /id 2 


Additional References 


e Command-Line Syntax Key 


e bootcfg command 


bootcfg debug 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Adds or changes the debug settings for a specified operating system entry. 





NOTE 
If you're attempting to debug port 1394, use the bootcfg dobg1394 command instead. 





Syntax 


bootcfg /debug {on | off | edit}[/s <computer> [/u <domain>\<user> /p <password>]] [/port {COM1 | COM2 | COM3 
| COM4}] [/baud (9600 | 19209 | 38409 | 57600 | 115200)] [/id <osentrylinenum>] 


Parameters 


PARAMETER DESCRIPTION 


fon | off | edit) Specifies the value for port debugging, including: 

e on. Enables remote debugging support by adding the 
/debug option to the specified <osentrylinenum> . 

e off. Disables remote debugging support by removing 
the /debug option from the specified . 

e edit. Allows changes to port and baud rate settings 
by changing the values associated with the /debug 
option for the specified . 


/s <computer> Specifies the name or IP address of a remote computer (don't 
use backslashes). The default is the local computer. 


/u <domain>\<user> Runs the command with the account permissions of the user 
specified by <user> or <domain>\<user> . The default is the 
permissions of the current logged on user on the computer 
issuing the command. 


/p <password> Specifies the password of the user account that is specified in 
the /u parameter. 


/port {COM1 | COM2 | COM3 | COM4) Specifies the COM port to be used for debugging. Don't use 
this parameter if debugging is disabled. 


/baud {9600 | 19200 | 38400 | 576@@ | 115200} Specifies the baud rate to be used for debugging. Don't use 
this parameter if debugging is disabled. 


PARAMETER 


/id <osentrylinenum> 


/ 
Examples 
To use the bootcfg /debug command: 


bootcfg /debug on /port com1 /id 2 
bootcfg /debug edit /port com2 /baud 19200 /id 2 


DESCRIPTION 


Specifies the operating system entry line number in the 
[operating systems] section of the Boot.ini file to which the 
operating system load options are added. The first line after 
the [operating systems] section header is 1. 


Displays help at the command prompt. 


bootcfg /s srvmain /u maindom\hiropin /p p@ssW23 /debug off /id 2 


Additional References 


e Command-Line Syntax Key 


e bootcfg command 


bootcfg default 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Specifies the operating system entry to designate as the default. 


Syntax 


bootcfg /default [/s <computer> [/u <domain>\<user> /p <password>]] [/id <osentrylinenum> ] 


Parameters 
PARAMETER DESCRIPTION 

/s <computer> Specifies the name or IP address of a remote computer (don't 
use backslashes). The default is the local computer. 

/u <domain>\<user> Runs the command with the account permissions of the user 
specified by <user> or <domain>\<user> . The default is the 
permissions of the current logged on user on the computer 
issuing the command. 

/p <password> Specifies the password of the user account that is specified in 
the /u parameter. 

/id <osentrylinenum> Specifies the operating system entry line number in the 
[operating systems] section of the Boot.ini file to which the 
operating system load options are added. The first line after 
the [operating systems] section header is 1. 

/? Displays help at the command prompt. 
Examples 


To use the bootcfg /default command: 


bootcfg /default /id 2 
bootcfg /default /s srvmain /u maindomVhiropln /p p@ssW23 /id 2 


Additional References 


e Command-Line Syntax Key 


e bootcfg command 


bootcfg delete 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Deletes an operating system entry in the [operating systems] section of the Boot.ini file. 


Syntax 


bootcfg /delete [/s <computer> [/u <domain>\<user> /p <password>]] [/id <osentrylinenum>] 


Parameters 
PARAMETER DESCRIPTION 

/s <computer> Specifies the name or IP address of a remote computer (don't 
use backslashes). The default is the local computer. 

/u <domain>\<user> Runs the command with the account permissions of the user 
specified by <user> or <domain>\<user> . The default is the 
permissions of the current logged on user on the computer 
issuing the command. 

/p <password> Specifies the password of the user account that is specified in 
the /u parameter. 

/id <osentrylinenum> Specifies the operating system entry line number in the 
[operating systems] section of the Boot.ini file to which the 
operating system load options are added. The first line after 
the [operating systems] section header is 1. 

/? Displays help at the command prompt. 
Examples 


To use the bootcfg /delete command: 


bootcfg /delete /id 1 
bootcfg /delete /s srvmain /u maindom\hiropln /p p@ssW23 /id 3 


Additional References 


e Command-Line Syntax Key 


e bootcfg command 


bootcfg ems 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Enables the user to add or change the settings for redirection of the Emergency Management Services console to a 
remote computer. Enabling Emergency Management Services, adds a redirect=Port# line to the [boot loader] 
section of the Boot.ini file along with a /redirect option to the specified operating system entry line. The Emergency 
Management Services feature is enabled only on servers. 


Syntax 


bootcfg /ems {on | off | edit}[/s <computer> [/u <domain>\<user> /p <password>]] [/port {COM1 | COM2 | COM3 | 
COM4 | BIOSSET)] [/baud {9600 | 19200 | 38400 | 57600 | 115200)] [/id <osentrylinenum>] 


Parameters 


PARAMETER DESCRIPTION 


{on | off | edit} Specifies the value for Emergency Management Services 
redirection, including: 
© on. Enables remote output for the specified 
<osentrylinenum> . Also adds a /redirect option to 
the specified anda redirect=com<x> setting to the 
[boot loader] section. The value of com<x> is set by 
the /port parameter. 
© off. Disables output to a remote computer. Also 
removes the /redirect option to the specified and the 
redirect=com<X> setting from the [boot loader] 
section. 
e edit. Allows changes to port settings by changing the 
redirect=com<X> setting in the [boot loader] section. 
The value of com<x> is set by the /port parameter. 


/s <computer> Specifies the name or IP address of a remote computer (don't 
use backslashes). The default is the local computer. 


/u <domain>\<user> Runs the command with the account permissions of the user 
specified by <user> or <domain>\<user> . The default is the 
permissions of the current logged on user on the computer 
issuing the command. 


/p <password> Specifies the password of the user account that is specified in 
the /u parameter. 


/port {COM1 | COM2 | COM3 | COM4 | BIOSSET} Specifies the COM port to be used for redirection. The 
BIOSSET parameter directs Emergency Management Services 
to get the BIOS settings to determine which port should be 
used for redirection. Don't use this parameter if remotely 
administered output is disabled. 


PARAMETER DESCRIPTION 


/baud {9600 | 19200 | 38400 | 57600 | 115200) Specifies the baud rate to be used for redirection. Don't use 
this parameter if remotely administered output is disabled. 


/id <osentrylinenum> Specifies the operating system entry line number to which the 
Emergency Management Services option is added in the 
[operating systems] section of the Boot.ini file. The first line 
after the [operating systems] section header is 1. This 
parameter is required when the Emergency Management 
Services value is set to on or off. 


/? Displays help at the command prompt. 


Examples 


To use the bootcfg /ems command: 


bootcfg /ems on /port comi /baud 19209 /id 2 

bootcfg /ems on /port biosset /id 3 

bootcfg /s srvmain /ems off /id 2 

bootcfg /ems edit /port com2 /baud 115209 

bootcfg /s srvmain /u maindomVhiropln /p pøssW23 /ems off /id 2 


Additional References 


e Command-Line Syntax Key 


e bootcfg command 


bootcfg query 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 


Queries and displays the [boot loader] and [operating systems] section entries from Boot.ini. 


Syntax 


bootcfg /query [/s <computer> [/u <domain>\<user> /p <password>]] 


Parameters 


PARAMETER 


/s <computer> 


/u <domain>\<user> 


/p <password> 


n 


Sample output 


Sample output for the bootcfg /query command: 


Boot Loader Settings 

timeout: 30 

default: multi(@)disk(ð)rdisk(ð)partition(1)\WINDOWS 
Boot Entries 

Boot entry ID: 1 

Friendly Name: 

path: multi(@)disk(@)rdisk(@)partition(1)\WINDOWS 

OS Load Options: /fastdetect /debug /debugport=com1: 


DESCRIPTION 


Specifies the name or IP address of a remote computer (don't 
use backslashes). The default is the local computer. 


Runs the command with the account permissions of the user 
specified by <user> or <domain>\<user> . The default is the 


permissions of the current logged on user on the computer 
issuing the command. 


Specifies the password of the user account that is specified in 
the /u parameter. 


Displays help at the command prompt. 


e The Boot Loader Settings area shows each entry in the [boot loader] section of Boot.ini. 


e The Boot Entries area shows more details for each operating system entry in the [operating systems] 


section of the Boot.ini 


Examples 


To use the bootcfg /query command: 


bootcfg /query 
bootcfg /query /s srvmain /u maindomVhiropln /p pØssW23 
bootcfg /query /u hiropln /p pØssW23 


Additional References 


e Command-Line Syntax Key 


e bootcfg command 


bootcfg raw 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Adds operating system load options specified as a string to an operating system entry in the [operating systems] 
section of the Boot.ini file. This command overwrites any existing operating system entry options. 


Syntax 


bootcfg /raw [/s <computer> [/u <domain>\<user> /p <password>]] <osloadoptionsstring> [/id <osentrylinenum>] 


[/a] 


Parameters 
PARAMETER DESCRIPTION 

/s <computer> Specifies the name or IP address of a remote computer (don't 
use backslashes). The default is the local computer. 

/u <domain>\<user> Runs the command with the account permissions of the user 
specified by <user> or <domain>\<user> . The default is the 
permissions of the current logged on user on the computer 
issuing the command. 

/p <password> Specifies the password of the user account that is specified in 
the /u parameter. 

<osloadoptionsstring> Specifies the operating system load options to add to the 
operating system entry. These load options replace any 
existing load options associated with the operating system 
entry. There is no validation against the <osloadoptions> 
parameter. 

/id <osentrylinenum> Specifies the operating system entry line number in the 
[operating systems] section of the Boot.ini file to which the 
operating system load options are added. The first line after 
the [operating systems] section header is 1. 

/a Specifies which operating system options should be appended 
to any existing operating system options. 
/? Displays help at the command prompt. 
Examples 


This text should contain valid OS Load Options such as /debug, /fastdetect, /nodebug, /baudrate, 
/crashdebug, and /sos. 


To add /debug /fastdetect to the end of the first operating system entry, replacing any previous operating 


system entry options: 
bootcfg /raw /debug /fastdetect /id 1 
To use the bootcfg /raw command: 


bootcfg /raw /debug /sos /id 2 
bootcfg /raw /s srvmain /u maindom\hiropln /p p@ssW23 /crashdebug /id 2 


Additional References 


e Command-Line Syntax Key 


e bootcfg command 


bootcfg rmsw 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Removes operating system load options for a specified operating system entry. 


Syntax 


bootcfg /rmsw [/s <computer> [/u <domain>\<user> /p <password>]] [/mm] [/bv] [/so] [/ng] /id <osentrylinenum> 


Parameters 
PARAMETER DESCRIPTION 

/s <computer> Specifies the name or IP address of a remote computer (don't 
use backslashes). The default is the local computer. 

/u <domain>\<user> Runs the command with the account permissions of the user 
specified by <user> or <domain>\<user> . The default is the 
permissions of the current logged on user on the computer 
issuing the command. 

/p <password> Specifies the password of the user account that is specified in 
the /u parameter. 

/mm Removes the /maxmem option and its associated maximum 
memory value from the specified <osentrylinenum> . The 
/maxmem option specifies the maximum amount of RAM that 
the operating system can use. 
/bv Removes the /basevideo option from the specified 
<osentrylinenum> . The /basevideo option directs the 
operating system to use standard VGA mode for the installed 
video driver. 
/so Removes the /sos option from the specified 
<osentrylinenum> . The /sos option directs the operating 
system to display device driver names while they are being 
loaded. 
/ng Removes the /noguiboot option from the specified 
<osentrylinenum> . The /noguiboot option disables the 
progress bar that appears before the CTRL+ALT+DEL logon 
prompt. 
/id <osentrylinenum> Specifies the operating system entry line number in the 


[operating systems] section of the Boot.ini file to which the 
operating system load options are added. The first line after 
the [operating systems] section header is 1. 


PARAMETER DESCRIPTION 


/? Displays help at the command prompt. 


Examples 


To use the bootcfg /rmsw command: 


bootcfg /rmsw /mm 64 /id 2 

bootcfg /rmsw /so /id 3 

bootcfg /rmsw /so /ng /s srvmain /u hiropin /id 2 

bootcfg /rmsw /ng /id 2 

bootcfg /rmsw /mm 96 /ng /s srvmain /u maindom\hiropln /p p@ssW23 /id 2 


Additional References 


e Command-Line Syntax Key 


e bootcfg command 


bootcfg timeout 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Changes the operating system time-out value. 


Syntax 


bootcfg /timeout <timeoutvalue> [/s <computer> [/u <domain>\<user> /p <password>]] 


Parameters 
PARAMETER DESCRIPTION 
/timeout <timeoutvalue> Specifies the timeout value in the [boot loader] section. The 
<timeoutvalue> is the number of seconds the user has to 
select an operating system from the boot loader screen before 
NTLDR loads the default. The valid range for 
<timeoutvalue> is 0-999. If the value is 0, NTLDR 
immediately starts the default operating system without 
displaying the boot loader screen. 

/s <computer> Specifies the name or IP address of a remote computer (don't 
use backslashes). The default is the local computer. 

/u <domain>\<user> Runs the command with the account permissions of the user 
specified by <user> or <domain>\<user> . The default is the 
permissions of the current logged on user on the computer 
issuing the command. 

/p <password> Specifies the password of the user account that is specified in 
the /u parameter. 

/? Displays help at the command prompt. 
Examples 


To use the bootcfg /timeout command: 


bootcfg /timeout 30 
bootcfg /s srvmain /u maindom\hiropln /p p@ssW23 /timeout 50 


Additional References 


e Command-Line Syntax Key 


e bootcfg command 


break 
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IMPORTANT 


This command is no longer in use. It is included only to preserve compatibility with existing MS-DOS files, but it has no effect 
at the command line because the functionality is automatic. 





Sets or clears extended CTRL+C checking on MS-DOS systems. If used without parameters, break displays the 
existing setting value. 


If command extensions are enabled and running on the Windows platform, inserting the break command into a 
batch file enters a hard-coded breakpoint if being debugged by a debugger. 


Syntax 


break=[on|off] 


Additional References 
e Command-Line Syntax Key 


e break command 


erste ks 
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IMPORTANT 


This command has been deprecated. Please use icacls instead. 





Displays or modifies discretionary access control lists (DACL) on specified files. 


Syntax 


cacls <filename> [/t] [/m] [/1] [/s[:sddl]] [/e] [/c] [/g user:<perm>] [/r user [...]] [/p user:<perm> [...]] 
[/d user [...]] 


Parameters 
PARAMETER DESCRIPTION 
<filename> Required. Displays ACLs of specified files. 

/t Changes ACLs of specified files in the current directory and all 
subdirectories. 

/m Changes ACLs of volumes mounted to a directory. 

/\ Works on the Symbolic Link itself instead of the target. 

/s:sddl Replaces the ACLs with those specified in the SDDL string. This 
parameter is not valid for use with the /e, /g, /r, /p, or /d 
parameters. 

/e Edit an ACL instead of replacing it. 

/c Continue after access denied errors. 

/g user:<perm> Grants specified user access rights, including these valid values 

for permission: 
e n - None 
e r- Read 
e w- Write 
e c- Change (write) 
e f- Full control 

/r user [...] Revoke specified user's access rights. Only valid when used 


with the /e parameter. 


PARAMETER 


[/p user:<perm> [...] 


[/d user [...] 


L 


Sample output 


OUTPUT 


Ol 


Cl 


No output message 


(OIXCI) 


(OI)(CI)(IO) 


(CIO) 


(ON(IO) 


Remarks 


e You can use wildcards (? and *) to specify multiple files. 


e You can specify more than one user. 


Additional References 
e Command-Line Syntax Key 


e icacls 


DESCRIPTION 


Replace specified user's access rights, including these valid 
values for permission: 


e n- None 
e r- Read 
e w- Write 


e c- Change (write) 
e f- Full control 


Deny specified user access. 


Displays help at the command prompt. 


ACCESS CONTROL ENTRY (ACE) APPLIES TO 


Object inherit. This folder and files. 


Container inherit. This folder and subfolders. 


Inherit only. The ACE does not apply to the current 
file/directory. 


This folder only. 


This folder, subfolders, and files. 


Subfolders and files only. 


Subfolders only. 


Files only. 


call 
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Calls one batch program from another without stopping the parent batch program. The call command accepts 


labels as the target of the call 





NOTE 


Call has no effect at the command prompt when it is used outside of a script or batch file. 





Syntax 


call [drive:][path]<filename> [<batchparameters>] [:<label> [<arguments>]] 


Parameters 


PARAMETER 
[<drive>:][<path>]<filename> 
<batchparameters> 
:<label> 
<arguments> 

nR 


Batch parameters 


DESCRIPTION 


Specifies the location and name of the batch program that 
you want to call. The <filename> parameter is required, and 
it must have a .bat or .cmd extension. 


Specifies any command-line information required by the batch 
program. 


Specifies the label that you want a batch program control to 
jump to. 


Specifies the command-line information to be passed to the 
new instance of the batch program, beginning at :<label> . 


Displays help at the command prompt. 


The batch script argument references (%0, %1, ...) are listed in the following tables. 


Using the %* value in a batch script refers to all the arguments (for example, %1, %2, %3...). 


You can use the following optional syntaxes as substitutions for batch parameters (%n): 


BATCH PARAMETER 


%~1 


%~f1 


%~d1 


DESCRIPTION 


Expands %1 and removes surrounding quotation marks. 


Expands %1 to a fully qualified path. 


Expands %1 to a drive letter only. 


BATCH PARAMETER 


%-p1 


%-n1 


%~x1 


%~s1 


%~al 


%-t1 


%-z1 


%- $PATH:1 


DESCRIPTION 


Expands %1 to a path only. 


Expands %1 to a file name only. 


Expands %1 to a file name extension only. 


Expands %1 to a fully qualified path that contains short 
names only. 


Expands %1 to the file attributes. 


Expands %1 to the date and time of file. 


Expands %1 to the size of the file. 


Searches the directories listed in the PATH environment 
variable, and expands %1 to the fully qualified name of the 
first directory found. If the environment variable name is not 
defined or the file is not found by the search, then this 
modifier expands to the empty string. 


The following table shows how you can combine modifiers with the batch parameters for compound results: 


BATCH PARAMETER WITH MODIFIER 


%-dp1 


%~nx1 


%~dp$PATH:1 


%~ftza1 


DESCRIPTION 


Expands %1 to a drive letter and path only. 


Expands %1 to a file name and extension only. 


Searches the directories listed in the PATH environment 
variable for %1, and then expands to the drive letter and path 
of the first directory found. 


Expands %1 to display output similar to the dir command. 


In the above examples, %1 and PATH can be replaced by other valid values. The %~ syntax is terminated by a valid 


argument number. The %~ modifiers cannot be used with %*. 


Remarks 


e Using batch parameters: 


Batch parameters can contain any information that you can pass to a batch program, including command- 


line options, file names, the batch parameters %0 through %9, and variables (for example, %baud%). 


e Using the <label> parameter: 


By using call with the <label> parameter, you create a new batch file context and pass control to the 


statement after the specified label. The first time the end of the batch file is encountered (that is, after 


jumping to the label), control returns to the statement after the call statement. The second time the end of 


the batch file is encountered, the batch script is exited. 


e Using pipes and redirection symbols: 


Do not use pipes (|) or redirection symbols (< or >) with call. 


e Making a recursive call 


You can create a batch program that calls itself. However, you must provide an exit condition. Otherwise, the 


parent and child batch programs can loop endlessly. 
e Working with command extensions 


If command extensions are enabled, call accepts <label> as the target of the call. The correct syntax is 


call :<label> <arguments> 


Examples 


To run the checknew.bat program from another batch program, type the following command in the parent batch 


program: 
call checknew 


If the parent batch program accepts two batch parameters and you want it to pass those parameters to 
checknew.bat, type the following command in the parent batch program: 


call checknew %1 %2 


Additional References 


e Command-Line Syntax Key 


(eo 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 


Displays the name of the current directory or changes the current directory. If used with only a drive letter (for 
example, cd c: ), cd displays the names of the current directory in the specified drive. If used without parameters, 


cd displays the current drive and directory. 


NOTE 


This command is the same as the chdir command. 


Syntax 


cd [/d] [<drive>:][<path>] 
edim] 

chdir [/d] [<drive>:][<path>] 
chdiir [i] 


Parameters 


PARAMETER 


/d 
<drive>: 


<path> 


n 


Remarks 





DESCRIPTION 


Changes the current drive as well as the current directory for 
a drive. 


Specifies the drive to display or change (if different from the 
current drive). 


Specifies the path to the directory that you want to display or 
change. 


Specifies that you want to change to the parent folder. 


Displays help at the command prompt. 


If command extensions are enabled, the following conditions apply to the cd command: 


e The current directory string is converted to use the same case as the names on the disk. For example, 
cd c:\temp would set the current directory to CA Temp if that is the case on the disk. 


e@ Spaces aren't treated as delimiters, so <path> can contain spaces without enclosing quotation marks. For 


example: 


cd username\programs\start menu 
is the same as: 
cd "“username\programs\start menu" 


If extensions are disabled, the quotation marks are required. 


e To disable command extensions, type: 


cmd /e:off 


Examples 


To return to the root directory, the top of the directory hierarchy for a drive: 
cd\ 

To change the default directory on a drive that is different from the one you are on: 
cd [<drive>:[<directory>]] 

To verify the change to the directory, type: 


cd [<drive>:] 


Additional References 


e Command-Line Syntax Key 


e chdir command 


certreq 
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The certreq command can be used to request certificates from a certification authority (CA), to retrieve a response to a 
previous request from a CA, to create a new request from an inf file, to accept and install a response to a request, to 
construct a cross-certification or qualified subordination request from an existing CA certificate or request, and to sign a 
cross-certification or qualified subordination request. 





IMPORTANT 


Earlier versions of the certreq command might not provide all of the options described here. To see the options supported based on 


specific versions of certreq, run the command-line help option, certreq -v -?. 


The certreq command doesn't support creating a new certificate request based on a Key Attestation template when in a CEP/CES 
environment. 





WARNING 


The content for this topic is based on the default settings for Windows Server; for example, setting the key length to 2048, selecting 
Microsoft Software Key Storage Provider as the CSP and using Secure Hash Algorithm 1 (SHA1). Evaluate these selections against the 
requirements of your company's security policy. 








Syntax 


certreq [-submit] [options] [requestfilein [certfileout [certchainfileout [fullresponsefileOut] ]]] 
certreq -retrieve [options] requestid [certfileout [certchainfileout [fullresponsefileout]]] 
certreq -new [options] [policyfilein [requestfileout] ] 

certreq -accept [options] [certchainfilein | fullresponsefilein | certfilein] 

certreq -sign [options] [requestfilein [requestfileout] ] 

certreq -enroll [options] templatename 

certreq -enroll -cert certId [options] renew [reusekeys] 


Parameters 
PARAMETER DESCRIPTION 
-submit Submits a request to a certificate authority. 
-retrieve <requestid> Retrieves a response to a previous request from a certificate 
authority. 
-new Creates a new request from an .inf file. 
-accept Accepts and installs a response to a certificate request. 
-policy Sets the policy for a request. 
-sign Signs a cross-certification or qualified subordination request. 
-enroll Enrolls for or renews a certificate. 


-? Displays a list of certreq syntax, options, and descriptions. 


PARAMETER DESCRIPTION 


<parameter> -? Displays help for the parameter specified. 


-v -? Displays a verbose list of the certreq syntax, options, and 
descriptions. 


Examples 


certreq -submit 


To submit a simple certificate request: 


certreq -submit certrequest.req certnew.cer certnew.pfx 


Remarks 

© This is the default certreq.exe parameter. If no option is specified at the command-line prompt, certreq.exe attempts 
to submit a certificate request to a certificate authority. You must specify a certificate request file when using the — 
submit option. If this parameter is omitted, a common File Open window appears, letting you select the 
appropriate certificate request file. 


e To request a certificate by specifying the SAN attribute, see the How to use the certreq.exe utility to create and 
submit a certificate request section of Microsoft Knowledge Base article 931351 How to add a Subject Alternative 
Name to a secure LDAP certificate. 


certreq -retrieve 


To retrieve certificate ID 20 and to create a certificate file (.cer), named MyCertificate 


certreq -retrieve 20 MyCertificate.cer 


Remarks 

e Use certreq -retrieve requestid to retrieve the certificate after the certificate authority has issued it. The requestid 
PKC can be a decimal or hex with Ox prefix and it can be a certificate serial number with no Ox prefix. You can also 
use it to retrieve any certificate that has ever been issued by the certificate authority, including revoked or expired 
certificates, without regard to whether the certificate's request was ever in the pending state. 


e If you submit a request to the certificate authority, the policy module of the certificate authority might leave the 
request in a pending state and return the requestid to the certreq caller for display. Eventually, the certificate 
authority's administrator will issue the certificate or deny the request. 

certreq -new 


To create a new request: 


[newrequest ] 
5 At least one value must be set in this section 
subject = CN=W2K8-BO-DC.contoso2.com 


The following are some of the possible sections that may be added to the INF file: 


[newrequest] 
This area of the INF file is mandatory for any new certificate request templates, and must include at least one parameter 
with a value. 


KEY! DESCRIPTION VALUE? EXAMPLE 


KEY 


Subject 


Exportable 


ExportableEncrypte 
d 


DESCRIPTION 


Several apps rely 
on the subject 
information in a 
certificate. We 
recommend 
specifying a value 
for this key. If the 
subject isn't set 
here, we 
recommend you 
include a subject 
name as part of 
the subject 
alternative name 
certificate 
extension. 


If set to TRUE, the 
private key can be 
exported with the 
certificate. To 
ensure a high level 
of security, private 
keys shouldn't be 
exportable; 
however, in some 
cases, it might be 
required if several 
computers or 
users must share 
the same private 
key. 


Specifies whether 
the private key 
should be set to 
be exportable. 


VALUE 


Relative 
Distinguished 
Name string values 


true | false 


true | false 


EXAMPLE 


Subject = 
CN=computer1.co 
ntoso.com 
Subject=CN=John 
Smith,CN=Users,D 
C=Contoso,DC=co 
m 


Exportable = 
TRUE 


. CNG keys can 
distinguish 
between this and 
plaintext 
exportable. CAPI1 
keys can't. 


ExportableEncrypted 

= true 
Tip: Not all 
public key sizes 
and algorithms 
will work with 
all hash 
algorithms. 
The specified 
CSP must also 
support the 
specified hash 
algorithm. To 
see the list of 
supported 
hash 
algorithms, 
you can run 
the command: 


certutil - 
oid 1 | 
findstr 
pwszCNGAlgid 
| findstr /v 
CryptOIDInfo 


KEY 


HashAlgorithm 


KeyAlgorithm 


KeyContainer 


DESCRIPTION 


Hash Algorithm to 
be used for this 
request. 


The algorithm that 
will be used by the 
service provider to 
generate a public 
and private key 
pair. 


We dont 
recommend 
setting this 
parameter for new 
requests where 
new key material is 
generated. The key 
container is 
automatically 
generated and 
maintained by the 
system. 


For requests 
where the 
existing key 
material 
should be 
used, this 
value can be 
set to the key- 
container 
name of the 
existing key. 
Use the 


certutil - 
key 


command to 
display the list 
of available 
key containers 
for the 
machine 
context. Use 
the 


certutil - 
key -user 


command for 
the current 
user's context. 


VALUE 


Sha256, sha384, 
sha512, shai, 
md5, md4, md2 


RSA, DH, DSA, 
ECDH P256, 
ECDH P521, 
ECDSA P256, 
ECDSA P384, 
ECDSA P521 


Random string 
value 

Tip: Use 
double quotes 
around any 
INF key value 
that has 
blanks or 
special 
characters to 
avoid potential 
INF parsing 
issues. 


EXAMPLE 


HashAlgorithm = 
shal 


. To see the list of 
supported hash 
algorithms use: 
certutil -oid 1 


KeyAlgorithm = 
RSA 


KeyContainer = 
{C347BD28-7F69- 
4090-AA16- 
BC58CF4D749C) 


findstr 
pwszCNGAlgid 


findstr /v 
CryptOIDInfo 


KEY 


KeyLength 


KeySpec 


KeyUsage 


DESCRIPTION 


Defines the length 
of the public and 
private key. The 
key length has an 
impact on the 
security level of 
the certificate. 
Greater key length 
usually provides a 
higher security 
level; however, 
some applications 
may have 
limitations 
regarding the key 
length. 


Determines if the 
key can be used 
for signatures, for 
Exchange 
(encryption), or for 
both. 


Defines what the 
certificate key 
should be used for. 


VALUE EXAMPLE 
Any valid key KeyLength = 
length that is 2038 
supported by the 

cryptographic 

service provider. 

AT NONE, KeySpec = 


AT SIGNATURE, 


AT KEYEXCHANGE 


AT KEYEXCHANGE 


CERT 


-- 80 (128) 


CERT 


-- 40 (64) 


CERT 


KeyUsage = 


) symbol separator. 


I DIGITAL SIGNATURE KEY USAGE OM VERsbFå MA Gfou 


Ti : Multiple 
I NON REPUDIATI N KEY_USAGE 
values use a 


pipe ( 


I KEY ENCIPHERMENT KEY USAGE 


-- 20 (32) 


CERT 


T_DATA_ENCIPHERMENT_KEY_USAGE 


-- 10 (16) 
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<9) 


CERT 


1 


I KEY AGREEMENT KEY USAGE 


I KEY CERT SIGN KEY USAGE 


I OFFLINE CRL SIGN KEY USAGE 


I CRL SIGN KEY USAGE 


I ENCIPHER ONLY KEY USAGE 





CERT 


I DECIPHER ONLY KEY USAGE 


-- 8000 (32768) 


0 ERMENPSRAGOUBIGGU0tes 


when using 
multiple values to 
avoid INF parsing 
issues. The values 
shown are 
hexadecimal 
(decimal) values for 
each bit definition. 
Older syntax can 
also be used: a 
single hexadecimal 
value with multiple 
bits set, instead of 
the symbolic 
representation. For 
example, 

KeyUsage = Øxa9 


KEY 


KeyUsageProperty 


MachineKeySet 


DESCRIPTION 


Retrieves a value 
that identifies the 
specific purpose 
for which a private 
key can be used. 


This key is 
important when 
you need to create 
certificates that are 
owned by the 
machine and not a 
user. The key 
material that is 
generated is 
maintained in the 
security context of 
the security 
principal (user or 
computer account) 
that has created 
the request. When 
an administrator 
creates a certificate 
request on behalf 
of a computer, the 
key material must 
be created in the 
machine's security 
context and not 
the administrator's 
security context. 
Otherwise, the 
machine could not 
access its private 
key since it would 
be in the 
administrator's 
security context. 


VALUE EXAMPLE 


e KeyUsageProperty = 


NCRYPT ALLOW DECRYPT FLAG LEON SDECRYPT FLAG 


EET 
wo... .LLOW_SIGNING_FLAG 
e 
NCRYPT_ALLOW_SIGNING_FLAG 
Seo 7) 
e 
NCRYPT_ALLOW_KEY_AGREEMENT_FLAG 
SA 
e 


NCRYPT_ALLOW_ALL_USAGES 
-- fFfffFF (16777215) 


true | false. 


The default is false. 


MachineKeySet = 
true 


KEY 


NotBefore 


NotAfter 


PrivateKeyArchive 


DESCRIPTION VALUE 


Specifies a date or Date or date and 
date and time time 
before which the 
request cannot be 
issued. 

NotBefore can 
be used with 

ValidityPeriod 
and 

ValidityPeriodUnits 


Specifies a date or Date or date and 
date and time after time 
which the request 
cannot be issued. 
NotAfter cannot 
be used with 
ValidityPeriod 
or 
ValidityPeriodUnits 


The true | false 
PrivateKeyArchive 
setting works only 
if the 
corresponding 
RequestType is set 
to CMC because 
only the Certificate 
Management 
Messages over 
CMS (CMC) 
request format 
allows for securely 
transferring the 
requester's private 
key to the CA for 
key archival. 


EXAMPLE 


NotBefore = 
7/24/2012 19:31 
AM 
Tip: 
NotBefore 
and 
NotAfter are 
for R 
equestType=cert 
only. Date 
parsing 
attempts to be 
locale- 
sensitive. 
Using month 
names will 
disambiguate 
and should 
work in every 
locale. 


NotAfter = 
9/23/2014 19:31 
AM 
Tip: 
NotBefore 
and 
NotAfter are 
for 
RequestType=cert 
only. Date 
parsing 
attempts to be 
locale- 
sensitive. 
Using month 
names will 
disambiguate 
and should 
work in every 
locale. 


PrivateKeyArchive 
= true 


KEY 


EncryptionAlgorith 
m 


EncryptionLength 


ProviderName 


ProviderType 


DESCRIPTION 


The encryption 
algorithm to use. 


Length of 
encryption 
algorithm to use. 


The provider name 
is the display name 
of the CSP 


The provider type 
is used to select 
specific providers 
based on specific 
algorithm 
capability such as 
RSA Full. 


VALUE 


Possible options 
vary, depending 
on the operating 
system version 
and the set of 
installed 
cryptographic 
providers. To see 
the list of available 


algorithms, run the 


command: 


certutil -oid 2 
| findstr 
pwszCNGAlgid 


. The specified CSP 
used must also 
support the 
specified 
symmetric 
encryption 
algorithm and 
length. 


Any length allowed 
by the specified 
EncryptionAlgorith 
m. 


If you don't know 
the provider name 
of the CSP you are 
using, run 
certutil - 
csplist 
from a command 
line. The command 
will display the 
names of all CSPs 
that are available 
on the local 
system 


If you do not know 


the provider type 
of the CSP you are 
using, run 
certutil - 
csplist 
from a command- 
line prompt. The 
command will 
display the 
provider type of all 
CSPs that are 
available on the 
local system. 


EXAMPLE 


EncryptionAlgorithm 
= 3des 


EncryptionLength 
= 128 


ProviderName = 
Microsoft RSA 
SChannel 
Cryptographic 
Provider 


ProviderType = 
1 


KEY 


RenewalCert 


RequesterName 


DESCRIPTION 


If you need to 
renew a certificate 
that exists on the 
system where the 
certificate request 
is generated, you 
must specify its 
certificate hash as 
the value for this 
key. 


Makes the request 
to enroll on behalf 
of another user 
request.The 
request must also 
be signed with an 
Enrollment Agent 
certificate, or the 
CA will reject the 
request. Use the 
-cert option to 
specify the 
enrollment agent 
certificate. The 
requester name 
can be specified for 
certificate requests 
if the 
RequestType is 
set to PKCSH7 or 
cmc . If the 
RequestType is 
set to PKCS#10 , 
this key will be 
ignored. The 
Requestername 
can only be set as 
part of the 
request. You 
cannot manipulate 
the 
Requestername 
in a pending 
request. 


VALUE 


The certificate 
hash of any 
certificate that is 
available at the 
computer where 
the certificate 
request is created. 
If you do not know 
the certificate 
hash, use the 
Certificates MMC 
Snap-In and look 
at the certificate 
that should be 
renewed. Open the 
certificate 
properties and see 
the Thumbprint 
attribute of the 
certificate. 
Certificate renewal 
requires either a 

PKCS#7 ora 

cmc request 
format. 


Domain\User 


EXAMPLE 


RenewalCert = 
4EDF274BD2919C6E9EC6A522FØF3B153E9B1582D 


Requestername 
Contoso\BSmith 


KEY 


RequestType 


SecurityDescriptor 


AlternateSignature 
Algorithm 


DESCRIPTION 


Determines the 
standard that is 
used to generate 
and send the 


certificate request. 


Contains the 
security 
information 
associated with 
securable objects. 


For most securable 


objects, you can 
specify an object's 


security descriptor 
in the function call 


that creates the 
object.Strings 
based on security 
descriptor 
definition 
language. 

Tip: This is 
relevant only 
for machine 
context non- 
smart card 
keys. 


Specifies and 


retrieves a Boolean 


value that 
indicates whether 
the signature 
algorithm object 


identifier (OID) for 
a PKCS#10 request 


or certificate 
signature is 
discrete or 
combined. 


VALUE 
PKCS19 - 
e|-1 
PKCS7 -- 
e 2 


© [CNC EnS 


Cert == 
oe 4 
SCEP -- 
fdoð 
@ (64768) 


Tip: This option 
indicates a self- 
signed or self- 
issued certificate. It 
doesn't generate a 
request, but rather 
a new certificate 
and then installs 
the certificate. Self- 
signed is the 
default. Specify a 
signing cert by 
using the —cert 
option to create a 
self-issued 
certificate that is 
not self-signed. 


SecurityDescriptor 
= D:P(A: 7GA: iI SY) 
(A; ;GA; ; ;BA) 


true | false 


EXAMPLE 


RequestType = 
CMC 


AlternateSignatureAlgorithm 
= false 


For an RSA 
signature, 
false 
indicates a 
Pkcs1 v1.5, 
while true 
indicates a 
v2.1 
signature. 


KEY 


Silent 


SMIME 


DESCRIPTION 


By default, this 
option allows the 
CSP access to the 
interactive user 
desktop and 
request 
information such 
as a smart card 
PIN from the user. 
If this key is set to 
TRUE, the CSP 
must not interact 
with the desktop 
and will be blocked 
from displaying 
any user interface 
to the user. 


If this parameter is 
set to TRUE, an 
extension with the 
object identifier 
value 
1.2.840.113549.1. 
9.15 is added to 
the request. The 
number of object 
identifiers depends 
on the on the 
operating system 
version installed 
and CSP capability, 
which refer to 
symmetric 
encryption 
algorithms that 
may be used by 
Secure 
Multipurpose 
Internet Mail 
Extensions 
(S/MIME) 
applications such 
as Outlook. 


VALUE EXAMPLE 
true | false Silent = true 
true | false SMIME = true 


KEY 


UseExistingKeySet 


KeyProtection 


SuppressDefaults 


FriendlyName 


Validity PeriodUnits 


DESCRIPTION VALUE 


This parameter is 
used to specify 
that an existing 
key pair should be 
used in building a 
certificate request. 
If this key is set to 
TRUE, you must 
also specify a value 
for the 
RenewalCert key 
or the 
KeyContainer 
name. You must 


true | false 


not set the 
Exportable key 
because you 
cannot change the 
properties of an 
existing key. In this 
case, no key 
material is 
generated when 
the certificate 
request is built. 


Specifies a value e 
that indicates how 
a private key is mene, 
protected before ° 


XCN_NCRYPT_UI_NO_PROTCTION_FLAG 


EXAMPLE 


UseExistingKeySet 
= true 


KeyProtection = 
E_HIGH_PROTECTION_FLAG 


use. XCN_NCRYPT_UI_PROTECT_KEY_FLAG 


eee 


XCN_NCRYPT_UI_FORCE_HIGH_PROTECTION_FLAG 
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Specifies a Boolean 
value that 


true | false 


indicates whether 
the default 
extensions and 
attributes are 
included in the 
request. The 
defaults are 
represented by 
their object 
identifiers (OIDs). 


A friendly name for Text 
the new certificate. 


Specifies a number Numeric 
of units that is to 

be used with 

Validity Period. 

Note: This is used 

only when the 


request 
type=cert 


SuppressDefaults 
= true 


FriendlyName = 
Server1 


ValidityPeriodUnits 
= 3 


KEY DESCRIPTION VALUE EXAMPLE 


ValidityPeriod ValidityPeriod must Years | Months ValidityPeriod 
be an US English | Weeks | Days = Years 
: . | Hours | 
plural time period. Mn 
Note: This is used Seconds 


only when the 
request type=cert. 


Parameter to the left of the equal sign (=) 


Parameter to the right of the equal sign (=) 


[extensions] 


This section is optional. 


EXTENSION OID DEFINITION EXAMPLE 

2.5.29.17 2.5.29.17 = {text} 

continue continue = UPN=User@Domain.com& 
continue continue = EMail=User@Domain.com& 
continue continue = DNS=host.domain.com& 
continue continue = 


DirectoryName=CN=Name, DC=Domain, DC=com& 


continue continue = URL= 
<http://host.domain.com/default.html&> 


continue continue = IPAddress=10.0.0.1& 

continue continue = RegisteredId=1.2.3.4.58& 

continue continue = 1.2.3.4.6.1= 
{utf8}String& 

continue continue = 1.2.3.4.6.2= 


{octet }AAECAwQFBgc=& 


continue continue = 1.2.3.4.6.2={octet} 
{hex}00 01 02 03 04 05 06 07& 


continue continue = 1.2.3.4.6.3= 
{asn}BAgAAQIDBAUGBw==& 


continue continue = 1.2.3.4.6.3={hex}04 08 
00 01 02 03 04 05 06 07 


2.5.29.37 2.5.29.37={text} 
continue continue = 1.3.6.1.5.5.7 
continue continue = 1.3.6.1.5.5.7.3.1 


2.5.29.19 (text)ca=Øpathlength=3 


EXTENSION OID 


Critical 


KeySpec 


RequestType 


KeyUsage 


KeyUsageProperty 


KeyProtection 


DEFINITION 


EXAMPLE 


Critical=2.5.29.19 


© AT NONE -- © 
© AT SIGNATURE -- 2 


@ AT KEYEXCHANGE -- 1 


@  PKCS1Ø -- 1 
@ PKCS7 -- 2 
© CMC -- 3 
@ Cert -- 4 


© SCEP -- fd@@ (64768) 





e 
CERT_DIGITAL_SIGNATURE_KEY_USAGE 
-- 80 (128) 

e 
CERT_NON_REPUDIATION_KEY_USAGE 
-- 40 (64) 

e 
CERT_KEY_ENCIPHERMENT_KEY_USAGE 
-- 20 (32) 

e 
CERT_DATA_ENCIPHERMENT_KEY_USAGE 
-- 10 (16) 
CERT_KEY_AGREEMENT_KEY_USAGE 

oe |--8 
CERT KEY CERT SIGN KEY USAGE 

e |--4 

e 
CERT_OFFLINE_CRL_SIGN_KEY_USAGE 
=o) 

© CERT_CRL_SIGN_KEY_USAGE -- 2 
CERT_ENCIPHER_ONLY_KEY_USAGE 

© [eer 
CERT_DECIPHER_ONLY_KEY_USAGE 


e -- 8000 (32768) 


NCRYPT_ALLOW_DECRYPT_FLAG -- 


e 1 
NCRYPT ALLOW SIGNING FLAG -- 

e 2 

e 


NCRYPT_ALLOW_KEY_AGREEMENT_FLAG 
204 


NCRYPT ALLOW ALL USAGES -- 
@ | FFFFFF (16777215) 


NCRYPT UI NO PROTECTION FLAG 
e --@ 


NCRYPT_UI_PROTECT_KEY_FLAG -- 
e 1 





NCRYPT UI FORCE HIGH PROTECTION FLAG 
oe 


EXTENSION OID 


SubjectNameFlags 


DEFINITION 


template 


EXAMPLE 


CT FLAG SUBJECT REQUIRE COMMON NAME 
-- 49000000 (1073741824) 


CT FLAG SUBJECT REQUIRE DIRECTORY PATH 
-- 80000000 (2147483648) 


CT FLAG SUBJECT REQUIRE DNS AS CN 
-- 19000000 (268435456) 


CT FLAG SUBJECT REQUIRE EMAIL 
-- 20000000 (536870912) 


CT FLAG OLD CERT SUPPLIES SUBJECT AND ALT. 
eg 


CT FLAG SUBJECT ALT REQUIRE DIRECTORY GUII 
-- 1000009 (16777216) 


CT_FLAG_SUBJECT_ALT_REQUIRE_DNS 
-- 8000000 (134217728) 


CT_FLAG_SUBJECT_ALT_REQUIRE_DOMAIN_DNS 
-- 400000 (4194304) 


CT_FLAG_SUBJECT_ALT_REQUIRE_EMAIL 
-- 4000000 (67108864) 


CT_FLAG_SUBJECT_ALT_REQUIRE_SPN 
-- 800000 (8388608) 





CT_FLAG_SUBJECT_ALT_REQUIRE_UPN 
-- 2000000 (33554432) 


EXTENSION OID DEFINITION EXAMPLE 


X500NameFlags @  CERT NAME STR NONE -- @ 
6  CERT OID NAME STR -- 2 
€  CERT X50Ø NAME STR -- 3 


CERT NAME STR SEMICOLON FLAG 
e -- 49000000 (1073741824) 


CERT NAME STR NO PLUS FLAG -- 
© 20000000 (536870912) 


CERT_NAME_STR_NO_QUOTING_FLAG 
e -- 19000000 (268435456) 


CERT_NAME_STR_CRLF_FLAG -- 
© 8000009 (134217728) 


CERT_NAME_STR_COMMA_FLAG -- 
© 4000009 (67108864) 


CERT_NAME_STR_REVERSE_FLAG -- 
© 2000000 (33554432) 


CERT_NAME_STR_FORWARD_FLAG -- 
© 1000009 (16777216) 


e 
CERT_NAME_STR_DISABLE_IE4_UTF8_FLAG 
-- 10000 (65536) 

e 
CERT NAME STR ENABLE T61 UNICODE FLAG 
-- 20000 (131072) 

e 
CERT NAME STR ENABLE UTF8 UNICODE FLAG 
-- 40000 (262144) 

e 
CERT_NAME_STR_FORCE_UTF8_DIR_STR_FLAG 
-- 80000 (524288) 

e 
CERT_NAME_STR_DISABLE_UTF8_DIR_STR_FLAG 
-- 100000 (1048576) 

e 


CERT NAME STR ENABLE PUNYCODE FLAG 
-- 200000 (2097152) 





NOTE 


SubjectNameFlags allows the INF file to specify which Subject and SubjectAltName extension fields should be auto-populated by 
certreq based on the current user or current machine properties: DNS name, UPN, and so on. Using the literal template means the 
template name flags are used instead. This allows a single INF file to be used in multiple contexts to generate requests with context- 


specific subject information. 


X5@@NameFlags specifies the flags to be passed directly to CertStrToName API when the Subject INF keys value is converted to 


an ASN.1 encoded Distinguished Name. 








Example 


To create a policy file (.inf) in Notepad and save it as requestconfig.inf. 


[NewRequest] 

Subject = CN=<FQDN of computer you are creating the certificate> 
Exportable = TRUE 

KeyLength = 2048 

KeySpec = 1 

KeyUsage = ØxfØ 

MachineKeySet = TRUE 
[RequestAttributes ] 
CertificateTemplate=WebServer 
[Extensions] 

OID TDL a 

OID LEL Sa 


On the computer for which you are requesting a certificate: 


certreq -new requestconfig.inf certrequest.req 


To use the [Strings] section syntax for OIDs and other difficult to interpret data. The new (text) syntax example for EKU 
extension, which uses a comma separated list of OIDs: 


[Version] 
Signature=$Windows NT$ 


[Strings] 

sZOID_ENHANCED_KEY_USAGE = 2.5.29.37 
szOID_PKIX_KP_SERVER_AUTH = 1.3.6.1.5.5.7.3.1 
szOID_PKIX_KP_CLIENT AUTH = 1.3.6.1.5.5.7.3.2 


[NewRequest ] 
Subject = CN=TestSelfSignedCert 
Requesttype = Cert 


[Extensions] 


%SZOID_ENHANCED_KEY_USAGE%={text}%szOID_PKIX_KP_SERVER_AUTH%, 
_continue_ = %szOID_PKIX_KP_CLIENT_AUTH% 


certreq -accept 


The -accept parameter links the previously generated private key with the issued certificate and removes the pending 


certificate request from the system where the certificate is requested (if there is a matching request). 


To manually accept a certificate: 


certreq -accept certnew.cer 





WARNING 


Using the -accept parameter with the -user and -machine options indicates whether the installing certificate should be 
installed in user or machine context. If there's an outstanding request in either context that matches the public key being installed, 


then these options aren't needed. If there is no outstanding request, then one of these must be specified. 





certreq -policy 


The policy.inf file is a configuration file that defines the constraints applied to a CA certification, when a qualified 
subordination is defined. 


To build a cross certificate request: 


certreq -policy certsrv.req policy.inf newcertsrv.req 


Using certreq -policy without any additional parameter opens a dialog window, allowing you to select the requested fie 
(.req, .cmc, .txt, .der, .cer or .crt). After you select the requested file and click Open, another dialog window opens, allowing 
you to select the policy.inf file. 


Examples 
Find an example of the policy.inf file in the CAPolicy.inf Syntax. 
certreq -sign 


To create a new certificate request, sign it, and to submit it: 


certreq -new policyfile.inf myrequest.req 
certreq -sign myrequest.req myrequest.req 
certreq -submit myrequest_sign.req myrequest_cert.cer 


Remarks 
e Using certreq -sign without any additional parameter it will open a dialog window so you can select the requested 


file (req, cmc, txt, der, cer or crt). 


e Signing the qualified subordination request may require Enterprise Administrator credentials. This is a best 


practice for issuing signing certificates for qualified subordination. 


e The certificate used to sign the qualified subordination request uses the qualified subordination template. Enterprise 


Administrators will have to sign the request or grant user permissions to the individuals signing the certificate. 


e You might be required to have additional personnel sign the CMC request after you. This will depend on the 
assurance level associated with the qualified subordination. 


e Ifthe parent CA of the qualified subordinate CA you are installing is offline, you must obtain the CA certificate for 
the qualified subordinate CA from the offline parent. If the parent CA is online, specify the CA certificate for the 
qualified subordinate CA during the Certificate Services Installation wizard. 


certreq -enroll 


You can use this comment to enroll or renew your certificates. 


Examples 


To enroll a certificate, using the WebServer template, and by selecting the policy server using U/I: 
certreq -enroll -machine -policyserver * WebServer 

To renew a certificate using a serial number: 
certreq -enroll -machine -cert 61 2d 3c fe 00 00 00 00 0O 05 renew 


You can only renew valid certificates. Expired certificates can't be renewed and must be replaced with a new certificate. 


Options 


OPTIONS DESCRIPTION 
-any Force ICertRequest::Submit to determine encoding type. 
-attrib <attributestring> Specifies the Name and Value string pairs, separated by a colon. 


Separate Name and Value string pairs using \n (for 
example, Name1:value1\nName2:value2). 


-binary Formats output files as binary instead of base64-encoded. 


-policyserver <policyserver> ldap: <path> 
Insert the URI or unique ID for a computer running the Certificate 
Enrollment Policy web service. 
To specify that you would like to use a request file by 
browsing, just use a minus (-) sign for <policyserver> . 


OPTIONS 


-config <ConfigString> 


-anonymous 


-kerberos 


-clientcertificate <ClientCertId> 


-username <username> 


-P <password> 


-user 


-machine 


-crl 


-rpc 


-adminforcemachine 


-renewonbehalfof 


-q 


-unicode 


DESCRIPTION 


Processes the operation by using the CA specified in the 
configuration string, which is CAHostName\CAName. For an 
https:\\ connection, specify the enrollment server URI. For the local 
machine store CA, use a minus (-) sign. 


Use anonymous credentials for Certificate Enrollment web services. 


Use Kerberos (domain) credentials for Certificate Enrollment web 
services. 


You can replace the <ClientCertId> with a certificate 
thumbprint, CN, EKU, template, email, UPN, or the new 
name=value syntax. 


Used with Certificate Enrollment web services. You can substitute 
<username> with the SAM name or domain\user value. This 
option is for use with the -p option. 


Used with Certificate Enrollment web services. Substitute 
<password> with the actual user's password. This option is for 
use with the -username option. 


Configures the -user context for a new certificate request or 
specifies the context for an a certificate acceptance. This is the 
default context, if none is specified in the INF or template. 


Configures a new certificate request or specifies the context for an 
a certificate acceptance for the machine context. For new requests 
it must be consistent with the MachineKeyset INF key and the 
template context. If this option is not specified and the template 
does not set a context, then the default is the user context. 


Includes certificate revocation lists (CRLs) in the output to the 
base64-encoded PKCS #7 file specified by certchainfileout or 
to the base64-encoded file specified by requestfileout . 


Instructs Active Directory Certificate Services (AD CS) to use a 
remote procedure call (RPC) server connection instead of 
Distributed COM. 


Use the Key Service or impersonation to submit the request from 
Local System context. Requires that the user invoking this option 
be a member of Local Administrators. 


Submit a renewal on behalf of the subject identified in the signing 
certificate. This sets CR IN ROBO when calling 
ICertRequest::Submit method 


Force existing files to be overwritten. This also bypasses caching 
templates and policy. 


Use silent mode; suppress all interactive prompts. 


Writes Unicode output when standard output is redirected or 
piped to another command, which helps when invoked from 
Windows PowerShell scripts. 


OPTIONS DESCRIPTION 


-unicodetext Sends Unicode output when writing base64 text encoded data 
blobs to files. 
Formats 
FORMATS DESCRIPTION 
requestfilein Base64-encoded or binary input file name: PKCS 10 certificate 


request, CMS certificate request, PKCS #7 certificate renewal 
request, X.509 certificate to be cross-certified, or KeyGen tag 
format certificate request. 


requestfileout Base64-encoded output file name. 
certfileout Base64-encoded X-509 file name. 
PKCS1 Ofileout For use with the certreq -policy parameter only. Base64- 


encoded PKCS10 output file name. 


certchainfileout Base64-encoded PKCS #7 file name. 
fullresponsefileout Base64-encoded full response file name. 
policyfilein For use with the certreq -policy parameter only. INF file 


containing a textual representation of extensions used to qualify a 
request. 


Additional Resources 


The following articles contain examples of certreq usage: 

e How to add a subject alternative name to a secure LDAP certificate 

e Test Lab Guide: Deploying an AD CS Two-Tier PKI Hierarchy 

e Appendix 3: Certreq.exe Syntax 

e How to create a web server SSL certificate manually 

e Certificate Enrollment for System Center Operations Manager Agent 
e Active Directory Certificate Services Overview 


e How to enable LDAP over SSL with a third-party certification authority 


ean] 
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Certutil.exe is a command-line program, installed as part of Certificate Services. You can use certutil.exe to dump 
and display certification authority (CA) configuration information, configure Certificate Services, backup and 
restore CA components, and verify certificates, key pairs, and certificate chains. 


If certutil is run on a certification authority without additional parameters, it displays the current certification 
authority configuration. If certutil is run on a non-certification authority, the command defaults to running the 
certutil [-dump] command. 





IMPORTANT 


Earlier versions of certutil may not provide all of the options that are described in this document. You can see all the options 


that a specific version of certutil provides by running certutil -? or certutil <parameter> -? . 








Parameters 


-dump 


Dump configuration information or files. 


certutil [options] [-dump] 
certutil [options] [-dump] file 


[-f] [-silent] [-split] [-p password] [-t timeout] 


-asn 


Parse the ASN.1 file. 
certutil [options] -asn file [type] 


[type] : numeric CRYPT_STRING_* decoding type 


-decodehex 


Decode a hexadecimal-encoded file. 
certutil [options] -decodehex infile outfile [type] 
[type] : numeric CRYPT STRING * encoding type 
[=] 


-decode 


Decode a Base64-encoded file. 


certutil [options] -decode infile outfile 


[F] 


-encode 


Encode a file to Base64. 


certutil [options] -encode infile outfile 


[-f] [-unicodetext] 


-deny 


Deny a pending request. 


certutil [options] -deny requestID 


[-config Machine\CAName] 


-resubmit 


Resubmit a pending request. 


certutil [options] -resubmit requestId 


[-config Machine\CAName ] 


-setattributes 


Set attributes for a pending certificate request. 


certutil [options] -setattributes RequestID attributestring 


Where: 
e requestID is the numeric Request ID for the pending request. 


e attributestring is the request attribute name and value pairs. 


[-config Machine\CAName ] 


Remarks 


e Names and values must be colon separated, while multiple name, value pairs must be newline separated. For 


example: CertificateTemplate:User\nEMail:User@Domain.com where the \n sequence is converted to a newline 
separator. 


-setextension 


Set an extension for a pending certificate request. 


certutil [options] -setextension requestID extensionname flags {long | date | string | \@infile} 


Where: 
e requestID is the numeric Request ID for the pending request. 
e extensionname is the Objectid string for the extension. 


e flags sets the priority of the extension. @ is recommended, while 1 sets the extension to critical, 2 
disables the extension, and 3 does both. 


[-config Machine\CAName ] 
Remarks 
e If the last parameter is numeric, it's taken as a Long. 
e If the last parameter can be parsed as a date, it's taken as a Date. 


e Ifthe last parameter starts with \@, the rest of the token is taken as the filename with binary data or an 
ascii-text hex dump. 


e If the last parameter is anything else, it's taken as a String. 


-revoke 


Revoke a certificate. 


certutil [options] -revoke serialnumber [reason] 


Where: 
e serialnumber is a comma-separated list of certificate serial numbers to revoke. 
e reason is the numeric or symbolic representation of the revocation reason, including: 
o 0. CRL REASON UNSPECIFIED - Unspecified (default) 
o 1. CRL REASON KEY COMPROMISE - Key compromise 
o 2. CRL REASON CA COMPROMISE - Certificate Authority compromise 
o 3. CRL REASON AFFILIATION CHANGED - Affiliation changed 
o 4. CRL REASON SUPERSEDED - Superseded 
o 5. CRL REASON CESSATION OF OPERATION - Cessation of operation 
o 6. CRL REASON CERTIFICATE HOLD - Certificate hold 
o 8. CRL REASON REMOVE FROM CRL - Remove From CRL 


o 1. Unrevoke - Unrevoke 


[-config Machine\CAName ] 


-isvalid 


Display the disposition of the current certificate. 


certutil [options] -isvalid serialnumber | certhash 


[-config Machine\CAName ] 


-getconfig 


Get the default configuration string. 


certutil [options] -getconfig 


[-config Machine\CAName ] 


-ping 
Attempt to contact the Active Directory Certificate Services Request interface. 


certutil [options] -ping [maxsecondstowait | camachinelist] 


Where: 
e camachinelist is a comma-separated list of CA machine names. For a single machine, use a terminating 


comma. This option also displays the site cost for each CA machine. 


[-config Machine\CAName ] 


-cainfo 


Display information about the certification authority. 


certutil [options] -cainfo [infoname [index | errorcode]] 


Where: 
èe infoname indicates the CA property to display, based on the following infoname argument syntax: 
o file - File version 
o product - Product version 
o exitcount - Exit module count 
o exit [index] - Exit module description 
o policy - Policy module description 
o name - CA name 
o sanitizedname - Sanitized CA name 
o dsname - Sanitized CA short name (DS name) 
o sharedfolder - Shared folder 
o error1 ErrorCode - Error message text 


o error2 ErrorCode - Error message text and error code 


type - CA type 

info - CA info 

parent - Parent CA 

certcount - CA cert count 

xchgcount - CA exchange cert count 

kracount - KRA cert count 

kraused - KRA cert used count 

propidmax - Maximum CA Propld 

certstate [index] - CA cert 

certversion [index] - CA cert version 
certstatuscode [index] - CA cert verify status 
cristate [index] - CRL 

krastate [index] - KRA cert 

crossstate+ [index] -Forward cross cert 
crossstate- [index] - Backward cross cert 
cert [index] -CA cert 

certchain [index] - CA cert chain 
certcrichain [index] -CA cert chain with CRLs 
xchg [index] - CA exchange cert 

xchgchain [index] - CA exchange cert chain 
xchgcrlchain [index] - CA exchange cert chain with CRLs 
kra [index] - KRA cert 

cross+ [index] - Forward cross cert 

cross- [index] - Backward cross cert 

CRL [index] - Base CRL 

deltacrl [index] - Delta CRL 

cristatus [index] -CRL Publish Status 
deltacristatus [index] - Delta CRL Publish Status 
dns - DNS Name 

role - Role Separation 

ads - Advanced Server 


templates - Templates 


© csp [index] - OCSP URLs 
o aia [index] -AIA URLs 
o cdp [index] - CDP URLs 
o localename - CA locale name 
o subjecttemplateoids - Subject Template OIDs 
o * - Displays all properties 
e index is the optional zero-based property index. 


e errorcode is the numeric error code. 


[-f] [-split] [-config Machine\CAName] 


-ca.cert 


Retrieve the certificate for the certification authority. 


certutil [options] -ca.cert outcacertfile [index] 


Where: 
e outcacertfile is the output file. 


e index is the CA certificate renewal index (defaults to most recent). 


[-f] [-split] [-config Machine\CAName] 


-ca.chain 


Retrieve the certificate chain for the certification authority. 


certutil [options] -ca.chain outcacertchainfile [index] 


Where: 
e outcacertchainfile is the output file. 


e index is the CA certificate renewal index (defaults to most recent). 


[-f] [-split] [-config Machine\CAName] 


-getcrl 


Gets a certificate revocation list (CRL). 


certutil [options] -getcrl outfile [index] [delta] 


Where: 
e index is the CRL index or key index (defaults to CRL for most recent key). 


e delta is the delta CRL (default is base CRL). 


[-f] [-split] [-config Machine\CAName] 


-crl 


Publish new certificate revocation lists (CRLs) or delta CRLs. 


certutil [options] -crl [dd:hh | republish] [delta] 


Where: 


e dd:hh is the new CRL validity period in days and hours. 
e republish republishes the most recent CRLs. 


e delta publishes the delta CRLs only (default is base and delta CRLs). 
[-split] [-config Machine\CAName ] 


-shutdown 


Shuts down the Active Directory Certificate Services. 


certutil [options] -shutdown 


[-config Machine\CAName ] 


-installcert 


Installs a certification authority certificate. 


certutil [options] -installcert [cacertfile] 


[-f] [-silent] [-config Machine\CAName ] 


-renewcert 


Renews a certification authority certificate. 
certutil [options] -renewcert [reusekeys] [Machine\ParentCAName ] 

e Use -f to ignore an outstanding renewal request, and to generate a new request. 
[-f] [-silent] [-config Machine\CAName] 


-schema 


Dumps the schema for the certificate. 


certutil [options] -schema [ext | attrib | cRL] 


Where: 


e The command defaults to the Request and Certificate table. 
e ext is the extension table. 
e attribute is the attribute table. 


e crl isthe CRL table. 


[-split] [-config Machine\CAName ] 


-view 


Dumps the certificate view. 


certutil [options] -view [queue | log | logfail | revoked | ext | attrib | crl] [csv] 


Where: 

e queue dumps a specific request queue. 

e log dumps the issued or revoked certificates, plus any failed requests. 
e logfail dumps the failed requests. 

e revoked dumps the revoked certificates. 

e ext dumps the extension table. 

e attribute dumps the attribute table. 

e crl dumps the CRL table. 


e csv provides the output using comma-separated values. 


[-silent] [-split] [-config Machine\CAName] [-restrict RestrictionList] [-out ColumnList] 
Remarks 
e To display the StatusCode column for all entries, type -out StatusCode 
e To display all columns for the last entry, type: -restrict RequestId==$ 


e To display the RequestID and Disposition for three requests, type: 


-restrict requestID>37,requestID<4@ -out requestID, disposition 


e To display Row IDsRow IDs and CRL numbers for all Base CRLs, type: 


-restrict criminbase=Ø -out crlrowID,crinumber crl 
e To display , type: -v -restrict crlminbase=Ø,crlnumber=3 -out crlrawcrl crl 
e To display the entire CRL table, type: CRL 
e Use Date[+|-dd:hh] for date restrictions. 
e Use now+dd:hh for a date relative to the current time. 


-db 


Dumps the raw database. 


certutil [options] -db 


[-config Machine\CAName] [-restrict RestrictionList] [-out ColumnList] 


-deleterow 


Deletes a row from the server database. 


certutil [options] -deleterow rowID | date [request | cert | ext | attrib | crl] 


Where: 

e request deletes the failed and pending requests, based on submission date. 
e cert deletes the expired and revoked certificates, based on expiration date. 
e ext deletes the extension table. 

e attribute deletes the attribute table. 


e crl deletes the CRL table. 


[-f] [-config Machine\CAName] 


Examples 


e To delete failed and pending requests submitted by January 22, 2001, type: 1/22/2001 request 
e To delete all certificates that expired by January 22, 2001, type: 1/22/2001 cert 

e To delete the certificate row, attributes, and extensions for RequestID 37, type: 37 

e To delete CRLs that expired by January 22, 2001, type: 1/22/2001 crl 


-backup 


Backs up the Active Directory Certificate Services. 


certutil [options] -backup backupdirectory [incremental] [keeplog] 


Where: 
e backupdirectory is the directory to store the backed up data. 
e incremental performs an incremental backup only (default is full backup). 


e keeplog preserves the database log files (default is to truncate log files). 


[-f] [-config Machine\CAName] [-p Password] 


-backupdb 


Backs up the Active Directory Certificate Services database. 


certutil [options] -backupdb backupdirectory [incremental] [keeplog] 


Where: 


e backupdirectory is the directory to store the backed up database files. 
èe incremental performs an incremental backup only (default is full backup). 


e keeplog preserves the database log files (default is to truncate log files). 


[-f] [-config Machine\CAName] 


-backupkey 


Backs up the Active Directory Certificate Services certificate and private key. 


certutil [options] -backupkey backupdirectory 


Where: 


e backupdirectory is the directory to store the backed up PFX file. 


[-f] [-config Machine\CAName] [-p password] [-t timeout] 


-restore 


Restores the Active Directory Certificate Services. 


certutil [options] -restore backupdirectory 


Where: 


e backupdirectory is the directory containing the data to be restored. 


[-f] [-config Machine\CAName] [-p password] 


-restoredb 


Restores the Active Directory Certificate Services database. 


certutil [options] -restoredb backupdirectory 


Where: 


e backupdirectory is the directory containing the database files to be restored. 


[-f] [-config Machine\CAName] 


-restorekey 


Restores the Active Directory Certificate Services certificate and private key. 


certutil [options] -restorekey backupdirectory | pfxfile 


Where: 


e backupdirectory is the directory containing PFX file to be restored. 


[-f] [-config Machine\CAName] [-p password] 


-importpfx 


Import the certificate and private key. For more info, see the -store parameter in this article. 


certutil [options] -importpfx [certificatestorename] pfxfile [modifiers] 


Where: 
e certificatestorename is the name of the certificate store. 
e modifiers are the comma-separated list, which can include one or more of the following: 
1. AT SIGNATURE - Changes the keyspec to signature 
2. AT KEYEXCHANGE - Changes the keyspec to key exchange 
3. NoExport - Makes the private key non-exportable 
4. NoCert - Doesn't import the certificate 
5. NoChain - Doesn't import the certificate chain 
6. NoRoot - Doesn't import the root certificate 


7. Protect - Protects keys by using a password 


00 


. NoProtect - Doesn't password protect keys by using a password 


[-f] [-user] [-p password] [-csp provider] 


Remarks 


e Defaults to personal machine store. 


-dynamicfilelist 


Displays a dynamic file list. 


certutil [options] -dynamicfilelist 


[-config Machine\CAName ] 


-databaselocations 


Displays database locations. 


certutil [options] -databaselocations 


[-config Machine\CAName ] 


-hashfile 


Generates and displays a cryptographic hash over a file. 


certutil [options] -hashfile infile [hashalgorithm] 


-store 


Dumps the certificate store. 


certutil [options] -store [certificatestorename [certID [outputfile]]] 


Where: 


e certificatestorename is the certificate store name. For example: 


o 


My, CA (default), Root, 


ldap:///CN=Certification Authorities,CN=Public Key 
Services, CN=Services,CN=Configuration,DC=cpandl,DC=com?cACertificate?one? 
objectClass=certificationAuthority (View Root Certificates) 


ldap:///CN=CAName,CN=Certification Authorities,CN=Public Key 
Services, CN=Services,CN=Configuration,DC=cpandl,DC=com?cACertificate?base? 
objectClass=certificationAuthority (Modify Root Certificates) 


ldap: ///CN=CAName , CN=MachineName, CN=CDP,CN=Public Key 
Services, CN=Services,CN=Configuration,DC=cpandl,DC=com?certificateRevocationList?base? 
objectClass=cRLDistributionPoint (View CRLS) 


ldap:///CN=NTAuthCertificates,CN=Public Key 
Services, CN=Services,CN=Configuration,DC=cpandl,DC=com?cACertificate?base? 
objectClass=certificationAuthority (Enterprise CA Certificates) 


ldap: (AD computer object certificates) 


-user ldap: (AD user object certificates) 


e certID is the certificate or CRL match token. This can be a serial number, a SHA-1 certificate, CRL, CTL or 
public key hash, a numeric cert index (0, 1, and so on), a numeric CRL index (.0, .1, and so on), a numeric CTL 
index (..0, ..1, and so on), a public key, signature or extension Objectld, a certificate subject Common Name, 
an e-mail address, UPN or DNS name, a key container name or CSP name, a template name or Objectld, an 


EKU or Application Policies Objectld, or a CRL issuer Common Name. Many of these may result in multiple 
matches. 


e outputfile is the file used to save the matching certificates. 


[-f] [-user] [-enterprise] [-service] [-grouppolicy] [-silent] [-split] [-dc DCName] 


Options 

e The -user option accesses a user store instead of a machine store. 
e The -enterprise option accesses a machine enterprise store. 

e The -service option accesses a machine service store. 

e The -grouppolicy option accesses a machine group policy store. 
For example: 


@® -enterprise NTAuth 


& -enterprise Root 37 


@ -user My 26eĝðaaaf000000000004 


@ CA .11 


-addstore 


Adds a certificate to the store. For more info, see the -store parameter in this article. 


certutil [options] -addstore certificatestorename infile 


Where: 
e certificatestorename is the certificate store name. 


e infile is the certificate or CRL file you want to add to store. 


[-f] [-user] [-enterprise] [-grouppolicy] [-dc DCName] 


-delstore 


Deletes a certificate from the store. For more info, see the -store parameter in this article. 


certutil [options] -delstore certificatestorename certID 


Where: 
e certificatestorename is the certificate store name. 


e certID is the certificate or CRL match token. 


[-enterprise] [-user] [-grouppolicy] [-dc DCName] 


-verifystore 


Verifies a certificate in the store. For more info, see the -store parameter in this article. 


certutil [options] -verifystore certificatestorename [certID] 


Where: 
e certificatestorename is the certificate store name. 


e certID is the certificate or CRL match token. 


[-enterprise] [-user] [-grouppolicy] [-silent] [-split] [-dc DCName] [-t timeout] 


-repairstore 


Repairs a key association or update certificate properties or the key security descriptor. For more info, see the 


-store parameter in this article. 


certutil [options] -repairstore certificatestorename certIDlist [propertyinffile | SDDLsecuritydescriptor] 


Where: 
e certificatestorename is the certificate store name. 


e certIDlist is the comma-separated list of certificate or CRL match tokens. For more info, see the 


-store certID description in this article. 


e propertyinffile is the INF file containing external properties, including: 


[Properties ] 
19 = Empty ; Add archived property, OR: 
19 = 3; Remove archived property 


11 = {text}Friendly Name ; Add friendly name property 
127 = {hex} ; Add custom hexadecimal property 
_continue_ = @@ Ø1 02 03 04 05 06 07 Ø8 09 ða Bb Oc Od Ge OF 


_continue_ = 1@ 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d Te TF 


2 = {text} ; Add Key Provider Information property 


_continue_ = Container=Container Name& 

_continue_ = Provider=Microsoft Strong Cryptographic Provider& 
_continue_ = ProviderType=1& 

_continue_ = Flags=0& 

_continue_ = KeySpec=2 


9 = {text} ; Add Enhanced Key Usage property 
ECONLINUC Eel Si O65 7S 2 
SCONLINUCH = aL Si Ondo Od oly 


[-f] [-enterprise] [-user] [-grouppolicy] [-silent] [-split] [-csp provider] 


-viewstore 


Dumps the certificates store. For more info, see the -store parameter in this article. 


certutil [options] -viewstore [certificatestorename [certID [outputfile]]] 


Where: 
e certificatestorename is the certificate store name. 
e certID is the certificate or CRL match token. 


e outputfile is the file used to save the matching certificates. 


[-f] [-user] [-enterprise] [-service] [-grouppolicy] [-dc DCName] 
Options 
e The -user option accesses a user store instead of a machine store. 
e The -enterprise option accesses a machine enterprise store. 
e The -service option accesses a machine service store. 
e The -grouppolicy option accesses a machine group policy store. 
For example: 
@ -enterprise NTAuth 
@ -enterprise Root 37 


@ -user My 26eðaaaf000000000004 


e CA.11 


-viewdelstore 


Deletes a certificate from the store. 


certutil [options] -viewdelstore [certificatestorename [certID [outputfile]]] 


Where: 
e certificatestorename is the certificate store name. 
e certID is the certificate or CRL match token. 


e outputfile is the file used to save the matching certificates. 


[-f] [-user] [-enterprise] [-service] [-grouppolicy] [-dc DCName] 
Options 
e The -user option accesses a user store instead of a machine store. 
e The -enterprise option accesses a machine enterprise store. 
e The -service option accesses a machine service store. 
e The -grouppolicy option accesses a machine group policy store. 
For example: 
@ -enterprise NTAuth 
@ -enterprise Root 37 
@ -user My 26eĝðaaaf000000000004 
e CA.11 


-dspublish 


Publishes a certificate or certificate revocation list (CRL) to Active Directory. 


certutil [options] -dspublish certfile [NTAuthCA | RootCA | SubCA | CrossCA | KRA | User | Machine] 


certutil [options] -dspublish CRLfile [DSCDPContainer [DSCDPCN] ] 


Where: 

e certfile is the name of the certificate file to publish. 

e NTAuthCA publishes the certificate to the DS Enterprise store. 

e RootCA publishes the certificate to the DS Trusted Root store. 

e SubCA publishes the CA certificate to the DS CA object. 

e CrossCA publishes the cross-certificate to the DS CA object. 

e KRA publishes the certificate to the DS Key Recovery Agent object. 


e User publishes the certificate to the User DS object. 


e Machine publishes the certificate to the Machine DS object. 

e CRLfile is the name of the CRL file to publish. 

e DSCDPContainer is the DS CDP container CN, usually the CA machine name. 

e DSCDPCN is the DS CDP object CN, usually based on the sanitized CA short name and key index. 


e Use -f to create a new DS object. 


[-f] [-user] [-dc DCName] 


-adtemplate 


Displays Active Directory templates. 


certutil [options] -adtemplate [template] 


[-f] [-user] [-ut] [-mt] [-dc DCName] 


-template 


Displays the certificate templates. 


certutil [options] -template [template] 


[-f] [-user] [-silent] [-policyserver URLorID] [-anonymous] [-kerberos] [-clientcertificate clientcertID] [- 
username username] [-p password] 


-templatecas 


Displays the certification authorities (CAs) for a certificate template. 


certutil [options] -templatecas template 


[-f] [-user] [-dc DCName] 


-catemplates 


Displays templates for the Certificate Authority. 


certutil [options] -catemplates [template] 


[-f] [-user] [-ut] [-mt] [-config Machine\CAName] [-dc DCName] 


-setcasites 


Manages site names, including setting, verifying, and deleting Certificate Authority site names 


certutil [options] -setcasites [set] [sitename] 
certutil [options] -setcasites verify [sitename] 
certutil [options] -setcasites delete 


Where: 


e sitename is allowed only when targeting a single Certificate Authority. 


[-f] [-config Machine\CAName] [-dc DCName] 
Remarks 
e The -config option targets a single Certificate Authority (Default is all CAs). 


e The -f option can be used to override validation errors for the specified sitename or to delete all CA 


sitenames. 





NOTE 
For more information about configuring CAs for Active Directory Domain Services (AD DS) site awareness, see AD DS Site 
Awareness for AD CS and PKI clients. 





-enrollmentserverURL 


Displays, adds, or deletes enrollment server URLs associated with a CA. 


certutil [options] -enrollmentServerURL [URL authenticationtype [priority] [modifiers]] 
certutil [options] -enrollmentserverURL URL delete 


Where: 

e authenticationtype specifies one of the following client authentication methods, while adding a URL: 
1. kerberos - Use Kerberos SSL credentials. 
2. username - Use a named account for SSL credentials. 
3. clientcertificate: - Use X.509 Certificate SSL credentials. 
4. anonymous - Use anonymous SSL credentials. 

e delete deletes the specified URL associated with the CA. 

e priority defaults to 1 if not specified when adding a URL. 

e modifiers is a comma-separated list, which includes one or more of the following: 

1. allowrenewalsonly - Only renewal requests can be submitted to this CA via this URL. 

2. allowkeybasedrenewal - Allows use of a certificate that has no associated account in the AD. This applies 
only with clientcertificate and allowrenewalsonly Mode 


[-config Machine\CAName] [-dc DCName] 


-adca 


Displays Active Directory Certificate Authorities. 


certutil [options] -adca [CAName] 


[-f] [-split] [-dc DCName] 


-ca 


Displays enrollment policy Certificate Authorities. 


certutil [options] -CA [CAName | templatename] 


[-f] [-user] [-silent] [-split] [-policyserver URLorID] [-anonymous] [-kerberos] [-clientcertificate 
clientcertID] [-username username] [-p password] 


-policy 


Displays the enrollment policy. 


[-f] [-user] [-silent] [-split] [-policyserver URLorID] [-anonymous] [-kerberos] [-clientcertificate 
clientcertID] [-username username] [-p password] 


-policycache 


Displays or deletes enrollment policy cache entries. 


certutil [options] -policycache [delete] 


Where: 
e delete deletes the policy server cache entries. 


e -f deletes all cache entries 


[-f] [-user] [-policyserver URLorID] 


-credstore 


Displays, adds, or deletes Credential Store entries. 


certutil [options] -credstore [URL] 
certutil [options] -credstore URL add 
certutil [options] -credstore URL delete 


Where: 

e URL is the target URL. You can also use * to match all entries or https://machine* to match a URL prefix. 
e add adds a credential store entry. Using this option also requires the use of SSL credentials. 

e delete deletes credential store entries. 


e -f overwrites a single entry or deletes multiple entries. 


[-f] [-user] [-silent] [-anonymous] [-kerberos] [-clientcertificate clientcertID] [-username username] [-p 
password] 


-installdefaulttemplates 


Installs default certificate templates. 


certutil [options] -installdefaulttemplates 


[-dc DCName] 


-URLcache 


Displays or deletes URL cache entries. 
certutil [options] -URLcache [URL | CRL | * [delete]] 


Where: 

e URL is the cached URL. 

e CRL runs on all cached CRL URLs only. 

e * operates on all cached URLs. 

e delete deletes relevant URLs from the current user's local cache. 


e -f forces fetching a specific URL and updating the cache. 


[-f] [-split] 


-pulse 


Pulses auto enrollment events. 


certutil [options] -pulse 


[-user] 


-machineinfo 


Displays information about the Active Directory machine object. 


certutil [options] -machineinfo domainname\machinename$ 


-DCInfo 


Displays information about the domain controller. The default displays DC certificates without verification. 


certutil [options] -DCInfo [domain] [verify | deletebad | deleteall] 


[-f] [-user] [-urlfetch] [-dc DCName] [-t timeout] 





TIP 


The ability to specify an Active Directory Domain Services (AD DS) domain [Domain] and to specify a domain controller (- 
dc) was added in Windows Server 2012. To successfully run the command, you must use an account that is a member of 
Domain Admins or Enterprise Admins. The behavior modifications of this command are as follows: 


1. 1. Ifa domain is not specified and a specific domain controller is not specified, this option returns a list of domain 
controllers to process from the default domain controller. 

2. 2. If a domain is not specified, but a domain controller is specified, a report of the certificates on the specified domain 
controller is generated. 

3. 3. If a domain is specified, but a domain controller is not specified, a list of domain controllers is generated along with 
reports on the certificates for each domain controller in the list. 

4. 4. If the domain and domain controller are specified, a list of domain controllers is generated from the targeted domain 
controller. A report of the certificates for each domain controller in the list is also generated. 


For example, assume there is a domain named CPANDL with a domain controller named CPANDL-DC1. You can run the 
following command to a retrieve a list of domain controllers and their certificates that from CPANDL-DC1: 


certutil -dc cpandl-dc1 -DCInfo cpandl 








-entinfo 


Displays information about an enterprise Certificate Authority. 


certutil [options] -entinfo domainname\machinename$ 


[-f] [-user] 


-tcainfo 


Displays information about the Certificate Authority. 


certutil [options] -tcainfo [domainDN | -] 


[-f] [-enterprise] [-user] [-urlfetch] [-dc DCName] [-t timeout] 


-scinfo 


Displays information about the smart card. 


certutil [options] -scinfo [readername [CRYPT_DELETEKEYSET ] ] 


Where: 


e CRYPT_DELETEKEYSET deletes all keys on the smart card. 


[-silent] [-split] [-urlfetch] [-t timeout] 


-scroots 


Manages smart card root certificates. 


certutil [options] -scroots update [+][inputrootfile] [readername] 
certutil [options] -scroots save \@in\\outputrootfile [readername] 
certutil [options] -scroots view [inputrootfile | readername] 
certutil [options] -scroots delete [readername] 


[-f] [-split] [-p Password] 


-verifykeys 


Verifies a public or private key set. 


certutil [options] -verifykeys [keycontainername cacertfile] 


Where: 


e keycontainername is the key container name for the key to verify. This option defaults to machine keys. To 
switch to user keys, use -user . 


e cacertfile signs or encrypts certificate files. 


[-f] [-user] [-silent] [-config Machine\CAName] 


Remarks 


e If no arguments are specified, each signing CA certificate is verified against its private key. 
e This operation can only be performed against a local CA or local keys. 


-verify 


Verifies a certificate, certificate revocation list (CRL), or certificate chain. 


certutil [options] -verify certfile [applicationpolicylist | - [issuancepolicylist]] 


certutil [options] -verify certfile [cacertfile [crossedcacertfile] ] 
certutil [options] -verify CRLfile cacertfile [issuedcertfile] 


options] -verify CRLfile cacertfile [deltaCRLfile] 


mm mma 


certutil 


Where: 


certfile is the name of the certificate to verify. 

e applicationpolicylist is the optional comma-separated list of required Application Policy Objectlds. 
e issuancepolicylist is the optional comma-separated list of required Issuance Policy Objectlds. 

e cacertfile is the optional issuing CA certificate to verify against. 

e crossedcacertfile is the optional certificate cross-certified by certfile. 

e CRLfile is the CRL file used to verify the cacertfile. 

e issuedcertfile is the optional issued certificate covered by the CRLfile. 


e deltaCRLfile is the optional delta CRL file. 


[-f] [-enterprise] [-user] [-silent] [-split] [-urlfetch] [-t timeout] 


Remarks 


e Using applicationpolicylist restricts chain building to only chains valid for the specified Application 


Policies. 
e Using issuancepolicylist restricts chain building to only chains valid for the specified Issuance Policies. 
e Using cacertfile verifies the fields in the file against certfile or CRLfile. 
e Using issuedcertfile verifies the fields in the file against CRLfile. 
e Using deltaCRLfile verifies the fields in the file against certfile. 
e If cacertfile isn't specified, the full chain is built and verified against certfile. 
e If cacertfile and crossedcacertfile are both specified, the fields in both files are verified against certfile. 


-verifyCTL 
Verifies the AuthRoot or Disallowed Certificates CTL. 


certutil [options] -verifyCTL CTLobject [certdir] [certfile] 


Where: 
e CTLobject identifies the CTL to verify, including: 


o AuthRootWU - Reads the AuthRoot CAB and matching certificates from the URL cache. Use -f to 


download from Windows Update instead. 


o DisallowedWU - Reads the Disallowed Certificates CAB and disallowed certificate store file from the 
URL cache. Use -f to download from Windows Update instead. 


o AuthRoot - Reads the registry-cached AuthRoot CTL. Use with -f and an untrusted certfile to 
force the registry cached AuthRoot and Disallowed Certificate CTLs to update. 


o Disallowed - Reads the registry-cached Disallowed Certificates CTL. Use with -f and an untrusted 


certfile to force the registry cached AuthRoot and Disallowed Certificate CTLs to update. 
e CTLfilename specifies the file or http path to the CTL or CAB file. 


e certdir specifies the folder containing certificates matching the CTL entries. Defaults to the same folder or 
website as the CTLobject. Using an http folder path requires a path separator at the end. If you don't specify 
AuthRoot or Disallowed, multiple locations will be searched for matching certificates, including local 
certificate stores, crypt32.dll resources and the local URL cache. Use -f to download from Windows 


Update, as needed. 


certfile specifies the certificate(s) to verify. Certificates are matched against CTL entries, displaying the 


results. This option suppresses most of the default output. 


[-f] [-user] [-split] 


-sign 


Re-signs a certificate revocation list (CRL) or certificate. 


certutil [options] -sign infilelist | serialnumber | CRL outfilelist [startdate+dd:hh] [+serialnumberlist | - 
serialnumberlist | -objectIDlist | \@extensionfile] 

certutil [options] -sign infilelist | serialnumber | CRL outfilelist [#hashalgorithm] 
[+alternatesignaturealgorithm | -alternatesignaturealgorithm] 


Where: 


infilelist is the comma-separated list of certificate or CRL files to modify and re-sign. 


serialnumber is the serial number of the certificate to create. The validity period and other options can't be 
present. 


CRL creates an empty CRL. The validity period and other options can't be present. 


outfilelist is the comma-separated list of modified certificate or CRL output files. The number of files must 
match infilelist. 


startdate+dd:hh is the new validity period for the certificate or CRL files, including: 
o optional date plus 
o optional days and hours validity period 


If both are specified, you must use a plus sign (+) separator. Use now[+dd:hh] to start at the current time. 
Use never to have no expiration date (for CRLs only). 


serialnumberlist is the comma-separated serial number list of the files to add or remove. 
objectIDlist is the comma-separated extension Objectld list of the files to remove. 


@extensionfile is the INF file that contains the extensions to update or remove. For example: 


[Extensions] 
2.5.29.31 = ; Remove CRL Distribution Points extension 
2.5.29.15 = {hex} ; Update Key Usage extension 
_continue_=@3 @2 01 86 


hashalgorithm is the name of the hash algorithm. This must only be the text preceded by the # sign. 


alternatesignaturealgorithm is the alternate signature algorithm specifier. 


[-nullsign] [-f] [-silent] [-cert certID] 


Remarks 


Using the minus sign (-) removes serial numbers and extensions. 
Using the plus sign (+) adds serial numbers to a CRL. 
You can use a list to remove both serial numbers and ObjectIDs from a CRL at the same time. 


Using the minus sign before alternatesignaturealgorithm allows you to use the legacy signature format. 
Using the plus sign allows you to use the alternate signature format. If you don't specify 
alternatesignaturealgorithm, the signature format in the certificate or CRL is used. 


-vroot 


Creates or deletes web virtual roots and file shares. 


certutil [options] -vroot [delete] 


-vocsproot 


Creates or deletes web virtual roots for an OCSP web proxy. 


certutil [options] -vocsproot [delete] 


-addenrollmentserver 


Add an Enrollment Server application and application pool if necessary, for the specified Certificate Authority. This 
command does not install binaries or packages. 


certutil [options] -addenrollmentserver kerberos | username | clientcertificate [allowrenewalsonly] 
[allowkeybasedrenewal] 


Where: 


e addenrollmentserver requires you to use an authentication method for the client connection to the 
Certificate Enrollment Server, including: 


o kerberos uses Kerberos SSL credentials. 

o username uses named account for SSL credentials. 

o clientcertificate uses X.509 Certificate SSL credentials. 
e allowrenewalsonly allows only renewal request submissions to the Certificate Authority through the URL. 
e allowkeybasedrenewal allows use of a certificate with no associated account in Active Directory. This 


applies when used with clientcertificate and allowrenewalsonly mode. 


[-config Machine\CAName ] 


-deleteenrollmentserver 


Deletes an Enrollment Server application and application pool if necessary, for the specified Certificate Authority. 
This command does not install binaries or packages. 


certutil [options] -deleteenrollmentserver kerberos | username | clientcertificate 


Where: 


e deleteenrollmentserver requires you to use an authentication method for the client connection to the 
Certificate Enrollment Server, including: 


o kerberos uses Kerberos SSL credentials. 
o username uses named account for SSL credentials. 


o clientcertificate uses X.509 Certificate SSL credentials. 


[-config Machine\CAName] 


-addpolicyserver 


Add a Policy Server application and application pool, if necessary. This command does not install binaries or 
packages. 


certutil [options] -addpolicyserver kerberos | username | clientcertificate [keybasedrenewal] 


Where: 


e addpolicyserver requires you to use an authentication method for the client connection to the Certificate 
Policy Server, including: 


o kerberos uses Kerberos SSL credentials. 
o username uses named account for SSL credentials. 
o clientcertificate uses X.509 Certificate SSL credentials. 


e keybasedrenewal allows use of policies returned to the client containing keybasedrenewal templates. This 
option applies only for username and clientcertificate authentication. 


-deletepolicyserver 


Deletes a Policy Server application and application pool, if necessary. This command does not remove binaries or 
packages. 


certutil [options] -deletePolicyServer kerberos | username | clientcertificate [keybasedrenewal] 


Where: 


e deletepolicyserver requires you to use an authentication method for the client connection to the 
Certificate Policy Server, including: 


o kerberos uses Kerberos SSL credentials. 

o username uses named account for SSL credentials. 

o clientcertificate uses X.509 Certificate SSL credentials. 
e keybasedrenewal allows use of a KeyBasedRenewal policy server. 
-oid 


Displays the object identifier or set a display name. 


certutil [options] -oid objectID [displayname | delete [languageID [type]]] 
certutil [options] -oid groupID 
certutil [options] -oid agID | algorithmname [groupID] 


Where: 


objectID displays or to adds the display name. 

e grouplD is the groupID number (decimal) that objectIDs enumerate. 
e algiD is the hexadecimal ID that objectID looks up. 

e algorithmname is the algorithm name that objectID looks up. 

e displayname displays the name to store in DS. 

e delete deletes the display name. 

e Languageld is the language ID value (defaults to current: 1033). 

e Type is the type of DS object to create, including: 

o 1 - Template (default) 

o 2 - Issuance Policy 


o 3 - Application Policy 


-f creates a DS object. 


-error 


Displays the message text associated with an error code. 


certutil [options] -error errorcode 


-getreg 


Displays a registry value. 


certutil [options] -getreg [{ca | restore | policy | exit | template | enroll |chain | policyservers}\ 
[progID\]][registryvaluename] 


Where: 


ca uses a Certificate Authority's registry key. 

restore uses Certificate Authority's restore registry key. 

policy uses the policy module's registry key. 

exit uses the first exit module's registry key. 

template uses the template registry key (use -user for user templates). 
enroll uses the enrollment registry key (use -user for user context). 

chain uses the chain configuration registry key. 

policyservers uses the Policy Servers registry key. 

progID uses the policy or exit module's ProgID (registry subkey name). 
registryvaluename uses the registry value name (use Name* to prefix match). 


value uses the new numeric, string or date registry value or filename. If a numeric value starts with + or 


- , the bits specified in the new value are set or cleared in the existing registry value. 


[-f] [-user] [-grouppolicy] [-config Machine\CAName ] 


Remarks 


If a string value starts with + or - ,and the existing value is a REG_MULTI_Sz value, the string is added to or 
removed from the existing registry value. To force creation of a REG MULTI SZ value, add \n to the end of 
the string value. 


If the value starts with ve, the rest of the value is the name of the file containing the hexadecimal text 
representation of a binary value. If it doesn't refer to a valid file, it's instead parsed as [Date][+|-][dd:hh] - 
an optional date plus or minus optional days and hours. If both are specified, use a plus sign (+) or minus 
sign (-) separator. Use now+dd:hh for a date relative to the current time. 


Use chain\chaincacheresyncfiletime \@now to effectively flush cached CRLs. 


-setreg 


Sets a registry value. 


certutil [options] -setreg [{ca | restore | policy | exit | template | enroll |chain | policyservers}\ 
[progID\]]registryvaluename value 


Where: 

e ca uses a Certificate Authority's registry key. 

e restore uses Certificate Authority's restore registry key. 

e policy uses the policy module's registry key. 

e exit uses the first exit module's registry key. 

e template uses the template registry key (use -user for user templates). 
e enroll uses the enrollment registry key (use -user for user context). 

e chain uses the chain configuration registry key. 

e policyservers uses the Policy Servers registry key. 

e progID uses the policy or exit module's ProgID (registry subkey name). 
e registryvaluename uses the registry value name (use Name* to prefix match). 


è value uses the new numeric, string or date registry value or filename. If a numeric value starts with + or 


- , the bits specified in the new value are set or cleared in the existing registry value. 


[-f] [-user] [-grouppolicy] [-config Machine\CAName] 


Remarks 
e If astring value starts with + or - , and the existing value is å REG MULTI 5Z value, the string is added to or 
removed from the existing registry value. To force creation of a REG_MULTI_Sz value, add \n to the end of 


the string value. 


e Ifthe value starts with \@ , the rest of the value is the name of the file containing the hexadecimal text 
representation of a binary value. If it doesn't refer to a valid file, it's instead parsed as [Date][+|-][dd:hh] - 
an optional date plus or minus optional days and hours. If both are specified, use a plus sign (+) or minus 
sign (-) separator. Use now+dd:hh for a date relative to the current time. 


e Use chain\chaincacheresyncfiletime \@now to effectively flush cached CRLs. 


-delreg 


Deletes a registry value. 


certutil [options] -delreg [{ca | restore | policy | exit | template | enroll |chain | policyservers}\ 
[progID\]][registryvaluename] 


Where: 

è ca uses a Certificate Authority's registry key. 

e restore uses Certificate Authority's restore registry key. 
e policy uses the policy module's registry key. 


e exit uses the first exit module's registry key. 


template uses the template registry key (use -user for user templates). 
enroll uses the enrollment registry key (use -user for user context). 

chain uses the chain configuration registry key. 

policyservers uses the Policy Servers registry key. 

progID uses the policy or exit module's ProgID (registry subkey name). 
registryvaluename uses the registry value name (use Name* to prefix match). 


value uses the new numeric, string or date registry value or filename. If a numeric value starts with + or 


- , the bits specified in the new value are set or cleared in the existing registry value. 


[-f] [-user] [-grouppolicy] [-config Machine\CAName ] 


Remarks 


If a string value starts with + or - ,and the existing value is a REG_MULTI_Sz value, the string is added to or 
removed from the existing registry value. To force creation of a REG MULTI SZ value, add \n to the end of 
the string value. 


If the value starts with ve, the rest of the value is the name of the file containing the hexadecimal text 
representation of a binary value. If it doesn't refer to a valid file, it's instead parsed as [Date][+|-][dd:hh] - 
an optional date plus or minus optional days and hours. If both are specified, use a plus sign (+) or minus 
sign (-) separator. Use now+dd:hh for a date relative to the current time. 


Use chain\chaincacheresyncfiletime \@now to effectively flush cached CRLs. 


-importKMS 


Imports user keys and certificates into the server database for key archival. 


certutil [options] -importKMS userkeyandcertfile [certID] 


Where: 


userkeyandcertfile is a data file with user private keys and certificates that are to be archived. This file can 
be: 


o An Exchange Key Management Server (KMS) export file. 


o APFX file. 
e certID is a KMS export file decryption certificate match token. For more info, see the -store parameter in 

this article. 
e -f imports certificates not issued by the Certificate Authority. 

[-f] [-silent] [-split] [-config Machine\CAName] [-p password] [-symkeyalg symmetrickeyalgorithm[,keylength]] 
-importcert 


Imports a certificate file into the database. 


certutil [options] -importcert certfile [existingrow] 


Where: 
e existingrow imports the certificate in place of a pending request for the same key. 


e -f imports certificates not issued by the Certificate Authority. 


[-f] [-config Machine\CAName ] 


Remarks 


The Certificate Authority may also need to be configured to support foreign certificates. To do this, type 
import - certutil -setreg ca\KRAFlags +KRAF_ENABLEFOREIGN . 


-getkey 


Retrieves an archived private key recovery blob, generates a recovery script, or recovers archived keys. 


certutil [options] -getkey searchtoken [recoverybloboutfile] 
certutil [options] -getkey searchtoken script outputscriptfile 
certutil [options] -getkey searchtoken retrieve | recover outputfilebasename 


Where: 


e script generates a script to retrieve and recover keys (default behavior if multiple matching recovery 
candidates are found, or if the output file is not specified). 


e retrieve retrieves one or more Key Recovery Blobs (default behavior if exactly one matching recovery 
candidate is found, and if the output file is specified). Using this option truncates any extension and appends 
the certificate-specific string and the .rec extension for each key recovery blob. Each file contains a certificate 
chain and an associated private key, still encrypted to one or more Key Recovery Agent certificates. 


e recover retrieves and recovers private keys in one step (requires Key Recovery Agent certificates and 
private keys). Using this option truncates any extension and appends the .p12 extension. Each file contains 
the recovered certificate chains and associated private keys, stored as a PFX file. 


e searchtoken selects the keys and certificates to be recovered, including: 


o 1. Certificate Common Name 

Certificate Serial Number 

Certificate SHA-1 hash (thumbprint) 

Certificate Keyld SHA-1 hash (Subject Key Identifier) 
Requester Name (domain\user) 

o 6. UPN (user@domain) 


o 
uk wn 


o 


e recoverybloboutfile outputs a file with a certificate chain and an associated private key, still encrypted to 
one or more Key Recovery Agent certificates. 


e outputscriptfile outputs a file with a batch script to retrieve and recover private keys. 


e outputfilebasename outputs a file base name. 


[-f] [-unicodetext] [-silent] [-config Machine\CAName] [-p password] [-protectto SAMnameandSIDlist] [-csp 
provider] 


-recoverkey 


Recover an archived private key. 


certutil [options] -recoverkey recoveryblobinfile [PFXoutfile [recipientindex]] 


[-f] [-user] [-silent] [-split] [-p password] [-protectto SAMnameandSIDlist] [-csp provider] [-t timeout] 


-mergePFX 
Merges PFX files. 


certutil [options] -mergePFX PFXinfilelist PFXoutfile [extendedproperties] 


Where: 
e PFXinfilelist is a comma-separated list of PFX input files. 
e PFXoutfile is the name of the PFX output file. 


e extendedproperties includes any extended properties. 


[-f] [-user] [-split] [-p password] [-protectto SAMnameAndSIDlist] [-csp provider] 
Remarks 
e The password specified on the command line must be a comma-separated password list. 


e |f more than one password is specified, the last password is used for the output file. If only one password is 
provided or if the last password is * , the user will be prompted for the output file password. 


-convertEPF 


Converts a PFX file into an EPF file. 


certutil [options] -convertEPF PFXinfilelist PFXoutfile [cast | cast-] [V3CAcertID][,salt] 


Where: 

e PFXinfilelist is a comma-separated list of PFX input files. 

e PFXoutfile is the name of the PFX output file. 

e EPF is the name of the EPF output file. 

e cast uses CAST 64 encryption. 

e cast- uses CAST 64 encryption (export) 

e V3CAcertID is the V3 CA certificate match token. For more info, see the -store parameter in this article. 


e salt is the EPF output file salt string. 


[-f] [-silent] [-split] [-dc DCName] [-p password] [-csp provider] 
Remarks 
e The password specified on the command line must be a comma-separated password list. 


e |f more than one password is specified, the last password is used for the output file. If only one password is 
provided or if the last password is * , the user will be prompted for the output file password. 


-? 


Displays the list of parameters. 


certutil >? 
certutil <name of parameter> -? 
certutil -? -v 


Where: 
e -? displays the full list of parameters 
@ - <name_of_parameter> -? displays help content for the specified parameter. 


e -? -v displays a full list of parameters and options. 


Options 


This section defines all of the options you're able to specify, based on the command. Each parameter includes 
information about which options are valid for use. 


OPTIONS DESCRIPTION 

-nullsign Use the hash of the data as a signature. 

-f Force overwrite. 

-enterprise Use the local machine enterprise registry certificate store. 
-user Use the HKEY_CURRENT_USER keys or certificate store. 
-GroupPolicy Use the group policy certificate store. 

-ut Display user templates. 

-mt Display machine templates. 

-Unicode Write redirected output in Unicode. 

-UnicodeText Write output file in Unicode. 

-gmt Display times using GMT. 

-seconds Display times using seconds and milliseconds. 

-silent Use the silent flag to acquire crypt context. 

-split Split embedded ASN.1 elements, and save to files. 

-V Provide more detailed (verbose) information. 
-privatekey Display password and private key data. 


-pin PIN Smart card PIN. 


OPTIONS 


-urlfetch 


-config Machine\CAName 


-policyserver URLorID 


-anonymous 


-kerberos 


-clientcertificate clientcertID 


-username username 


-cert certID 


-dc DCName 


-restrict restrictionlist 


-out columnist 


-p password 


-protectto SAMnameandsSIDlist 


-csp provider 


-t timeout 


-symkeyalg symmetrickeyalgorithm[, keylength] 


Additional References 


DESCRIPTION 


Retrieve and verify AIA Certs and CDP CRLs. 


Certificate Authority and computer name string. 


Policy Server URL or ID. For selection U/I, use -policyserver 
. For all Policy Servers, use -policyserver * 


Use anonymous SSL credentials. 


Use Kerberos SSL credentials. 


Use X.509 Certificate SSL credentials. For selection U/I, use 


-clientcertificate 


Use named account for SSL credentials. For selection U/I, use 


-username . 


Signing certificate. 


Target a specific Domain Controller. 


Comma-separated Restriction List. Each restriction consists of 
a column name, a relational operator and a constant integer, 
string or date. One column name may be preceded by a plus 
or minus sign to indicate the sort order. For example: 
requestID = 47 , +requestername >= a, requestername , 


Or -requestername > DOMAIN, Disposition = 21 


Comma-separated column list. 


Password 


Comma-separated SAM name/SID list. 


Provider 


URL fetch timeout in milliseconds. 


Name of the Symmetric Key Algorithm with optional key 
length. For example: AES,128 or 3DES 


For some more examples about how to use this command, see 


e Active Directory Certificate Services (AD CS) 
e Certutil tasks for managing certificates 


e certutil command 


change 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 


Changes Remote Desktop Session Host server settings for logons, COM port mappings, and install mode. 





NOTE 





To find out what's new in the latest version, see What's New in Remote Desktop Services in Windows Server. 








Syntax 


change logon 
change port 
change user 


Parameters 


PARAMETER 


change logon command 
change port command 


change user command 


Additional References 


e Command-Line Syntax Key 


DESCRIPTION 


Enables or disables logons from client sessions on an Remote 
Desktop Session Host server, or displays current logon status. 


Lists or changes the COM port mappings to be compatible 
with MS-DOS applications. 


Changes the install mode for the Remote Desktop Session 
Host server. 


e Remote Desktop Services (Terminal Services) Command Reference 


change logon 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Enables or disables logons from client sessions, or displays current logon status. This utility is useful for system 
maintenance. You must be an administrator to run this command. 


NOTE 


To find out what's new in the latest version, see What's New in Remote Desktop Services in Windows Server. 





Syntax 


change logon (/query | /enable | /disable | /drain | /drainuntilrestart) 


Parameters 
PARAMETER DESCRIPTION 
/query Displays the current logon status, whether enabled or 
disabled. 
/enable Enables logons from client sessions, but not from the console. 
/disable Disables subsequent logons from client sessions, but not from 
the console. Does not affect currently logged on users. 
/drain Disables logons from new client sessions, but allows 
reconnections to existing sessions. 
/drainuntilrestart Disables logons from new client sessions until the computer is 
restarted, but allows reconnections to existing sessions. 
/? Displays help at the command prompt. 
Remarks 


e Logons are re-enabled when you restart the system. 


e If you're connected to the Remote Desktop Session Host server from a client session, and then you disable 
logons and log off before re-enabling logons, you won't be able to reconnect to your session. To re-enable 
logons from client sessions, log on at the console. 


Examples 


e To display the current logon status, type: 


change logon /query 


e To enable logons from client sessions, type: 
change logon /enable 
e To disable client logons, type: 


change logon /disable 


Additional References 
e Command-Line Syntax Key 


e change command 


e Remote Desktop Services (Terminal Services) Command Reference 


change port 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Lists or changes the COM port mappings to be compatible with MS-DOS applications. 





NOTE 


To find out what's new in the latest version, see What's New in Remote Desktop Services in Windows Server. 








Syntax 


change port [<portX>=<portY| /d <portX | /query] 


Parameters 
PARAMETER DESCRIPTION 
= Maps COM <*portx*> to <*portY*> 
/d Deletes the mapping for COM <*portx*> 
/query Displays the current port mappings. 
/ Displays help at the command prompt. 
Remarks 


e Most MS-DOS applications support only COM1 through COM4 serial ports. The change port command 
maps a serial port to a different port number, allowing apps that don't support high-numbered COM ports 
to access the serial port. Remapping works only for the current session and is not retained if you log off 
from a session and then log on again. 


e Use change port without any parameters to display the available COM ports and their current mappings. 


Examples 


e To map COM12 to COM1 for use by an MS-DOS-based application, type: 
change port com12=com1 
e To display the current port mappings, type: 


change port /query 


Additional References 
e Command-Line Syntax Key 


e change command 


e Remote Desktop Services (Terminal Services) Command Reference 


change user 


11/2/2020 * 3 minutes to read * Edit Online 





Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Changes the install mode for the Remote Desktop Session Host server. 





NOTE 


To find out what's new in the latest version, see What's New in Remote Desktop Services in Windows Server. 








Syntax 


change user (/execute | /install | /query) 


Parameters 

PARAMETER DESCRIPTION 

/execute Enables .ini file mapping to the home directory. This is the 
default setting. 

/install Disables .ini file mapping to the home directory. All .ini files 
are read and written to the system directory. You must disable 
ini file mapping when installing applications on a Remote 
Desktop Session Host server. 

/query Displays the current setting for .ini file mapping. 

P Displays help at the command prompt. 

Remarks 


e Use change user /install before installing an application to create .ini files for the application in the 
system directory. These files are used as the source when user-specific .ini files are created. After installing 
the application, use change user /execute to revert to standard .ini file mapping. 


e The first time you run the app, it searches the home directory for its .ini files. If the .ini files aren't found in 
the home directory, but are found in the system directory, Remote Desktop Services copies the .ini files to 
the home directory, ensuring that each user has a unique copy of the application ini files. Any new .ini files 
are created in the home directory. 


e Each user should have a unique copy of the .ini files for an application. This prevents instances where 
different users might have incompatible application configurations (for example, different default 
directories or screen resolutions). 


e When the system is running change user /install, several things occur. All registry entries that are created 
are shadowed under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\Currentversion\Terminal Server\Install, in either the \SOFTWARE subkey or the \MACHINE 
subkey. Subkeys added to HKEY_CURRENT_USER are copied under the \SOFTWARE subkey, and 


subkeys added to HKEY LOCAL MACHINE are copied under the "MACHINE subkey. If the application 
queries the Windows directory by using system calls, such as GetWindowsdirectory, the rd Session Host 
server returns the systemroot directory. If any .ini file entries are added by using system calls, such as 
WritePrivateProfileString, they are added to the .ini files under the systemroot directory. 


e When the system returns to change user /execute, and the application tries to read a registry entry 
under HKEY CURRENT USER that does not exist, Remote Desktop Services checks to see whether a copy 
of the key exists under the \Terminal Server\Install subkey. If it does, the subkeys are copied to the 
appropriate location under HKEY CURRENT USER. If the application tries to read from an .ini file that 
does not exist, Remote Desktop Services searches for that .ini file under the system root. If the .ini file is in 
the system root, it is copied to the \Windows subdirectory of the user's home directory. If the application 
queries the Windows directory, the rd Session Host server returns the \Windows subdirectory of the user's 
home directory. 


e When you log on, Remote Desktop Services checks whether its system .ini files are newer than the .ini files 
on your computer. If the system version is newer, your .ini file is either replaced or merged with the newer 
version. This depends on whether or not the INISYNC bit, 0x40, is set for this .ini file. Your previous version 
of the .ini file is renamed as Inifile.ctx. If the system registry values under the \Terminal Server\Install 
subkey are newer than your version under HKEY_CURRENT_USER, your version of the subkeys is deleted 
and replaced with the new subkeys from \Terminal Server\Install. 


Examples 


e To disable ini file mapping in the home directory, type: 
change user /install 

e To enable ini file mapping in the home directory, type: 
change user /execute 

e To display the current setting for ini file mapping, type: 


change user /query 


Additional References 


e Command-Line Syntax Key 
e change command 


e Remote Desktop Services (Terminal Services) Command Reference 


chcp 
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Changes the active console code page. If used without parameters, chcp displays the number of the active console 
code page. 


Syntax 


chcp [<nnn>] 


Parameters 
PARAMETER DESCRIPTION 
<nnn> Specifies the code page. 
fe Displays help at the command prompt. 


The following table lists each supported code page and its country/region or language: 


CODE PAGE COUNTRY/REGION OR LANGUAGE 
437 United States 
850 Multilingual (Latin I) 
852 Slavic (Latin I!) 
855 Cyrillic (Russian) 
857 Turkish 
860 Portuguese 
861 Icelandic 
863 Canadian-French 
865 Nordic 
866 Russian 
869 Modern Greek 
936 Chinese 

Remarks 


e Only the original equipment manufacturer (OEM) code page that is installed with Windows appears 
correctly ina Command Prompt window that uses Raster fonts. Other code pages appear correctly in full- 


screen mode or in Command Prompt windows that use TrueType fonts. 
e You don't need to prepare code pages (as in MS-DOS). 


e Programs that you start after you assign a new code page use the new code page. However, programs 
(except Cmd.exe) that you started before assigning the new code page will continue to use the original code 
page. 


Examples 


To view the active code page setting, type: 
chcp 


A message similar to the following appears: Active code page: 437 


To change the active code page to 850 (Multilingual), type: 
chcp 850 


If the specified code page is invalid, the following error message appears: Invalid code page 


Additional References 


e Command-Line Syntax Key 


chdir 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Displays the name of the current directory or changes the current directory. If used with only a drive letter (for 
example, chdir c: ), chdir displays the names of the current directory in the specified drive. If used without 
parameters, chdir displays the current drive and directory. 





NOTE 


This command has been replaced by the cd command. For more information, including the syntax and 
parameter details, see cd command. 


Additional References 
e Command-Line Syntax Key 


e cd command 


chglogon 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Enables or disables logons from client sessions on an Remote Desktop Session Host server, or displays current 
logon status. 





NOTE 


This command has been replaced by the change log command. For more information, including the syntax and parameter 
details, see change logon command. 





Additional References 
e Command-Line Syntax Key 
e change logon command 


e Remote Desktop Services (Terminal Services) Command Reference 


chgport 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Lists or changes the COM port mappings to be compatible with MS-DOS applications. 





NOTE 


This command has been replaced by the change port command. For more information, including the syntax and 
parameter details, see change port command. 





Additional References 


e Command-Line Syntax Key 
e change port command 


e Remote Desktop Services (Terminal Services) Command Reference 


chgusr 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Changes the install mode for the Remote Desktop Session Host ser ver. 





NOTE 


This command has been replaced by the change user command. For more information, including the syntax and 
parameter details, see change user command. 





Additional References 


e Command-Line Syntax Key 
e change user command 


e Remote Desktop Services (Terminal Services) Command Reference 


ene 
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Checks the file system and file system metadata of a volume for logical and physical errors. If used without 
parameters, chkdsk displays only the status of the volume and does not fix any errors. If used with the /f, /r, /x, or 
/b parameters, it fixes errors on the volume. 





IMPORTANT 

Membership in the local Administrators group, or equivalent, is the minimum required to run chkdsk. To open a 
command prompt window as an administrator, right-click Command prompt in the Start menu, and then click Run as 
administrator. 








IMPORTANT 


Interrupting chkdsk is not recommended. However, canceling or interrupting chkdsk should not leave the volume any 
more corrupt than it was before chkdsk was run. Running chkdsk again checks and should repair any remaining corruption 


on the volume. 


NOTE 


Chkdsk can be used only for local disks. The command cannot be used with a local drive letter that has been redirected over 


the network. 





Syntax 


chkdsk [<volume>[[<path>]<filename>]] [/f] [/v] [/r] [/x] [/i] [/c] [/1[:<size>]] [/b] 


Parameters 


PARAMETER DESCRIPTION 


<volume> Specifies the drive letter (followed by a colon), mount point, or 
volume name. 


[ [<path>]<filename> Use with file allocation table (FAT) and FAT32 only. Specifies 
the location and name of a file or set of files that you want 
chkdsk to check for fragmentation. You can use the ? and * 
wildcard characters to specify multiple files. 


/f Fixes errors on the disk. The disk must be locked. If chkdsk 
cannot lock the drive, a message appears that asks you if you 
want to check the drive the next time you restart the 
computer. 


N Displays the name of each file in every directory as the disk is 
checked. 


PARAMETER 


fr 


/X 


/c 


/\[; <size> ] 


/b 


/scan 


/forceofflinefix 


/perf 


/spotfix 


/sdcleanup 


/offlinescanandfix 


/freeorphanedchains 


/markclean 


P? 


Remarks 


DESCRIPTION 


Locates bad sectors and recovers readable information. The 
disk must be locked. /r includes the functionality of /f, with 
the additional analysis of physical disk errors. 


Forces the volume to dismount first, if necessary. All open 
handles to the drive are invalidated. /x also includes the 
functionality of /f. 


Use with NTFS only. Performs a less vigorous check of index 
entries, which reduces the amount of time required to run 
chkdsk. 


Use with NTFS only. Does not check cycles within the folder 
structure, which reduces the amount of time required to run 
chkdsk. 


Use with NTFS only. Changes the log file size to the size you 
type. If you omit the size parameter, /I displays the current 
size. 


Use with NTFS only. Clears the list of bad clusters on the 
volume and rescans all allocated and free clusters for errors. 
/b includes the functionality of /r. Use this parameter after 
imaging a volume to a new hard disk drive. 


Use with NTFS only. Runs an online scan on the volume. 


Use with NTFS only (must be used with /scan). Bypass all 
online repair; all defects found are queued for offline repair 
(for example, chkdsk /spotfix ). 


Use with NTFS only (must be used with /scan). Uses more 
system resources to complete a scan as fast as possible. This 
may have a negative performance impact on other tasks 
running on the system. 


Use with NTFS only. Runs spot fixing on the volume. 


Use with NTFS only. Garbage collect unneeded security 
descriptor data (implies /f). 


Runs an offline scan and fix on the volume. 


Use with FAT/FAT32/exFAT only. Frees any orphaned cluster 
chains instead of recovering their contents. 


Use with FAT/FAT32/exFAT only. Marks the volume clean if no 
corruption was detected, even if /f was not specified. 


Displays help at the command prompt. 


e The/i or /c switch reduces the amount of time required to run chkdsk by skipping certain volume checks. 


If you want chkdsk to correct disk errors, you can't have open files on the drive. If files are open, the 


following error message appears: 


Chkdsk cannot run because the volume is in use by another process. Would you like to schedule this 
volume to be checked the next time the system restarts? (Y/N) 


If you choose to check the drive the next time you restart the computer, chkdsk checks the drive and 
corrects errors automatically when you restart the computer. If the drive partition is a boot partition, 


chkdsk automatically restarts the computer after it checks the drive. 


You can also use the chkntfs /c command to schedule the volume to be checked the next time the 
computer is restarted. Use the fsutil dirty set command to set the volume's dirty bit (indicating 
corruption), so that Windows runs chkdsk when the computer is restarted. 


You should use chkdsk occasionally on FAT and NTFS file systems to check for disk errors. Chkdsk 
examines disk space and disk use and provides a status report specific to each file system. The status report 
shows errors found in the file system. If you run chkdsk without the /f parameter on an active partition, it 
might report spurious errors because it cannot lock the drive. 


Chkdsk corrects logical disk errors only if you specify the /f parameter. Chkdsk must be able to lock the 


drive to correct errors. 


Because repairs on FAT file systems usually change a disk's file allocation table and sometimes cause a loss 


of data, chkdsk might display a confirmation message similar to the following: 


1@ lost allocation units found in 3 chains. 
Convert lost chains to files? 


o Ifyou press Y, Windows saves each lost chain in the root directory as a file with a name in the format 
File <nnnn> .chk. When chkdsk finishes, you can check these files to see if they contain any data you 


need. 
o Ifyou press N, Windows fixes the disk, but it does not save the contents of the lost allocation units. 


If you don't use the /f parameter, chkdsk displays a message that the file needs to be fixed, but it does not 


fix any errors. 


If you use chkdsk /f* on avery large disk or a disk with a very large number of files (for example, millions 
of files), chkdsk /f might take a long time to complete. 


Use the /r parameter to find physical disk errors in the file system and attempt to recover data from any 
affected disk sectors. 


If you specify the /f parameter, chkdsk displays an error message if there are open files on the disk. If you 
do not specify the /f parameter and open files exist, chkdsk might report lost allocation units on the disk. 
This could happen if open files have not yet been recorded in the file allocation table. If chkdsk reports the 


loss of a large number of allocation units, consider repairing the disk. 


Because the Shadow Copies for Shared Folders source volume cannot be locked while Shadow Copies 
for Shared Folders is enabled, running chkdsk against the source volume might report false errors or 
cause chkdsk to unexpectedly quit. You can, however, check shadow copies for errors by running chkdsk in 
Read-only mode (without parameters) to check the Shadow Copies for Shared Folders storage volume. 


The chkdsk command, with different parameters, is available from the Recovery Console. 


On servers that are infrequently restarted, you may want to use the chkntfs or the fsutil dirty query 
commands to determine whether the volume's dirty bit is already set before running chkdsk. 


Understanding exit codes 


The following table lists the exit codes that chkdsk reports after it has finished. 


EXIT CODE DESCRIPTION 

0 No errors were found. 

1 Errors were found and fixed. 

2 Performed disk cleanup (such as garbage collection) or did not 


perform cleanup because /f was not specified. 


3 Could not check the disk, errors could not be fixed, or errors 
were not fixed because /f was not specified. 


Examples 
To check the disk in drive D and have Windows fix errors, type: 
chkdsk d: /f 


If it encounters errors, chkdsk pauses and displays messages. Chkdsk finishes by displaying a report that lists the 
status of the disk. You cannot open any files on the specified drive until chkdsk finishes. 


To check all files on a FAT disk in the current directory for noncontiguous blocks, type: 
chkdsk *.* 


Chkdsk displays a status report, and then lists the files that match the file specifications that have noncontiguous 
blocks. 


Additional References 


e Command-Line Syntax Key 


chkntfs 
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Displays or modifies automatic disk checking when the computer is started. If used without options, chkntfs 
displays the file system of the specified volume. If automatic file checking is scheduled to run, chkntfs displays 
whether the specified volume is dirty or is scheduled to be checked the next time the computer is started. 





NOTE 


To run chkntfs, you must be a member of the Administrators group. 





Syntax 


chkntfs <volume> [...] 
chkntfs [/d] 

chkntfs [/t[:<time>]] 
chkntfs [/x <volume> [...]] 
chkntfs [/c <volume> [...]] 


Parameters 
PARAMETER DESCRIPTION 
<volume> [..] Specifies one or more volumes to check when the computer 
starts. Valid volumes include drive letters (followed by a 
colon), mount points, or volume names. 

/d Restores all chkntfs default settings, except the countdown 
time for automatic file checking. By default, all volumes are 
checked when the computer is started, and chkdsk runs on 
those that are dirty. 

/t [ :<time> ] Changes the Autochk.exe initiation countdown time to the 
amount of time specified in seconds. If you do not enter a 
time, /t displays the current countdown time. 

/X <volume> [..] Specifies one or more volumes to exclude from checking when 
the computer is started, even if the volume is marked as 
requiring chkdsk. 

/c <volume> [...] Schedules one or more volumes to be checked when the 
computer is started, and runs chkdsk on those that are dirty. 

/? Displays help at the command prompt. 

Examples 


To display the type of file system for drive C, type: 


chkntfs c: 


NOTE 


If automatic file checking is scheduled to run, additional output will display, indicating whether the drive is dirty or has been 


manually scheduled to be checked the next time the computer is started. 





To display the Autochk.exe initiation countdown time, type: 


chkntfs /t 


To change the Autochk.exe initiation countdown time to 30 seconds, type: 


chkntfs /t:30 





NOTE 


Although you can set the Autochk.exe initiation countdown time to zero, doing so will prevent you from canceling a 
potentially time-consuming automatic file check. 





To exclude multiple volumes from being checked, you must list each of them in a single command. For example, to 
exclude both the D and E volumes, type: 


chkntfs /x d: e: 


IMPORTANT 


The /x command-line option isn't accumulative. If you type it more than once, the most recent entry overrides the previous 


entry. 





To schedule automatic file checking on the D volume, but not the C or E volumes, type the following commands in 
order: 


chkntfs /d 
chkntfs /x c: d: e: 
chkntfs /c d: 





IMPORTANT 


The /c command-line option is accumulative. If you type /c more than once, each entry remains. To ensure that only a 
particular volume is checked, reset the defaults to clear all previous commands, exclude all volumes from being checked, and 
then schedule automatic file checking on the desired volume. 





Additional References 


e Command-Line Syntax Key 


choice 
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Prompts the user to select one item from a list of single-character choices in a batch program, and then returns the 
index of the selected choice. If used without parameters, choice displays the default choices Y and N. 


Syntax 


choice [/c [<choice1><choice2><..>]] [/n] [/cs] [/t <timeout> /d <choice>] [/m <text>] 


Parameters 

PARAMETER DESCRIPTION 

/c <choice1><choice2><...> Specifies the list of choices to be created. Valid choices include 
a-z, A-Z, 0-9, and extended ASCII characters (128-254). The 
default list is YN, which is displayed as [Y,N]? . 

/n Hides the list of choices, although the choices are still enabled 
and the message text (if specified by /m) is still displayed. 

/cs Specifies that the choices are case-sensitive. By default, the 
choices are not case-sensitive. 

/t <timeout> Specifies the number of seconds to pause before using the 
default choice specified by /d. Acceptable values are from 0 to 
9999. If /t is set to 0, choice does not pause before 
returning the default choice. 

/d <choice> Specifies the default choice to use after waiting the number of 
seconds specified by /t. The default choice must be in the list 
of choices specified by /c. 

/m <text> Specifies a message to display before the list of choices. If /m 
is not specified, only the choice prompt is displayed. 

/? Displays help at the command prompt. 

Remarks 


e The ERRORLEVEL environment variable is set to the index of the key that the user selects from the list of 
choices. The first choice in the list returns a value of 1, the second a value of 2, and so on. If the user 
presses a key that is not a valid choice, choice sounds a warning beep. 


e Ifchoice detects an error condition, it returns an ERRORLEVEL value of 255 . If the user presses 
CTRL+BREAK or CTRL+C, choice returns an ERRORLEVEL value of 0. 





NOTE 


When you use ERRORLEVEL values in a batch program, you must list them in decreasing order. 





Examples 


To present the choices Y, N, and C, type the following line in a batch file: 
choice /c ync 
The following prompt appears when the batch file runs the choice command: 
[Y,N,C]? 
To hide the choices Y, N, and C, but display the text Yes, No, or Continue, type the following line in a batch file: 


choice /c ync /n /m Yes, No, or Continue? 





NOTE 


If you use the /n parameter, but do not use /m, the user is not prompted when choice is waiting for input. 





To show both the text and the options used in the previous examples, type the following line in a batch file: 


choice /c ync /m Yes, No, or Continue 


To set a time limit of five seconds and specify N as the default value, type the following line in a batch file: 


choice /c ync /t 5 /dn 





NOTE 


In this example, if the user doesn't press a key within five seconds, choice selects N by default and returns an error value of 


2 . Otherwise, choice returns the value corresponding to the user's choice. 





Additional References 


e Command-Line Syntax Key 


cipher 
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Displays or alters the encryption of directories and files on NTFS volumes. If used without parameters, cipher 
displays the encryption state of the current directory and any files it contains. 


Syntax 


cipher [/e | /d | /c] [/s:<directory>] [/b] [/h] [pathname [...]] 

cipher /k 

cipher /r:<filename> [/smartcard] 

cipher /u [/n] 

cipher /w:<directory> 

cipher /x[:efsfile] [filename] 

cipher /y 

cipher /adduser [/certhash:<hash> | /certfile:<filename>] [/s:directory] [/b] [/h] [pathname [...]] 
cipher /removeuser /certhash:<hash> [/s:<directory>] [/b] [/h] [<pathname> [...]] 

cipher /rekey [pathname [...]] 


Parameters 

PARAMETERS DESCRIPTION 

/b Aborts if an error is encountered. By default, cipher continues 
to run even if errors are encountered. 

/c Displays information on the encrypted file. 

/d Decrypts the specified files or directories. 

/e Encrypts the specified files or directories. Directories are 
marked so that files that are added afterward will be 
encrypted. 

/h Displays files with hidden or system attributes. By default, 
these files are not encrypted or decrypted. 

/k Creates a new certificate and key for use with Encrypting File 
System (EFS) files. If the /k parameter is specified, all other 
parameters are ignored. 

/t: <filename> [/smartcard] Generates an EFS recovery agent key and certificate, then 
writes them to a .pfx file (containing certificate and private 
key) and a .cer file (containing only the certificate). If 
/smartcard is specified, it writes the recovery key and 
certificate to a smart card, and no .pfx file is generated. 

/s: <directory> Performs the specified operation on all subdirectories in the 


specified directory. 


PARAMETERS 


/u [/n] 


/W: <directory> 


/x{:efsfile] [ <FileName> ] 


/y 


/adduser [/certhash: <hash> 


/rekey 


/removeuser /certhash: <hash> 


[£ 


Remarks 


DESCRIPTION 


Finds all encrypted files on the local drive(s). If used with the 
/n parameter, no updates are made. If used without /n, /u 
compares the user's file encryption key or the recovery agent's 
key to the current ones, and updates them if they have 
changed. This parameter works only with /n. 


Removes data from available unused disk space on the entire 
volume. If you use the /w parameter, all other parameters are 
ignored. The directory specified can be located anywhere in a 
local volume. If it is a mount point or points to a directory in 
another volume, the data on that volume is removed. 


Backs up the EFS certificate and keys to the specified file 
name. If used with :efsfile, /x backs up the user's certificate(s) 
that were used to encrypt the file. Otherwise, the user's 
current EFS certificate and keys are backed up. 


Displays your current EFS certificate thumbnail on the local 
computer. 


/certfile: <filename> ] 


Updates the specified encrypted file(s) to use the currently 
configured EFS key. 


Removes a user from the specified file(s). The Hash provided 
for /certhash must be the SHA1 hash of the certificate to 
remove. 


Displays help at the command prompt. 


e Ifthe parent directory is not encrypted, an encrypted file could become decrypted when it is modified. 


Therefore, when you encrypt a file, you should also encrypt the parent directory. 


e An administrator can add the contents of a .cer file to the EFS recovery policy to create the recovery agent 


for users, and then import the .pfx file to recover individual files. 


e You can use multiple directory names and wildcards. 


e You must put spaces between multiple parameters. 


Examples 


To display the encryption status of each of the files and subdirectories in the current directory, type: 


cipher 


Encrypted files and directories are marked with an E. Unencrypted files and directories are marked with a U. For 


example, the following output indicates that the current directory and all its contents are currently unencrypted: 


Listing C:\Users\MainUser\Documents\ 

New files added to this directory will not be encrypted. 
U Private 

U hello.doc 

U hello.txt 


To enable encryption on the Private directory used in the previous example, type: 
cipher /e private 


The following output displays: 


Encrypting files in C:\Users\MainUser\Documents\ 


Private [OK] 
1 file(s) [or directorie(s)] within 1 directorie(s) were encrypted. 


The cipher command displays the following output: 


Listing C:\Users\MainUser\Documents\ 
New files added to this directory will not be encrypted. 


E Private 
U hello.doc 
U hello.txt 


Where the Private directory is now marked as encrypted. 


Additional References 


e Command-Line Syntax Key 


clean 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Removes all partitions or volume formatting from the disk with focus. 





NOTE 


For a PowerShell version of this command, see clear-disk command. 








Syntax 


clean [all] 


Parameters 
PARAMETER DESCRIPTION 
all Specifies that each and every sector on the disk is set to zero, 
which completely deletes all data contained on the disk. 
Remarks 


e On master boot record (MBR) disks, only the MBR partitioning information and hidden sector information is 
overwritten. 


e On GUID Partition Table (gpt) disks, the gpt partitioning information, including the Protective MBR, is 
overwritten. There is no hidden sector information. 


e A disk must be selected for this operation to succeed. Use the select disk command to select a disk and 
shift the focus to it. 


Examples 


To remove all formatting from the selected disk, type: 


clean 


Additional References 


e clear-disk command 


e Command-Line Syntax Key 


cleanmgr 
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Applies to: Windows Server 2019, Windows Server 2016, Windows Server 2012, Windows Server 2008 R2, 
Windows Server (Semi-Annual Channel) 


Clears unnecessary files from your computer's hard disk. You can use command-line options to specify that 
Cleanmgr cleans up Temp files, Internet files, downloaded files, and Recycle Bin files. You can then schedule the 
task to run at a specific time by using the Scheduled Tasks tool. 


Syntax 


cleanmgr [/d <driveletter>] [/sageset:n] [/sagerun:n] [/TUNEUP:n] [/LOWDISK] [/VERYLOWDISK] 


Parameters 

PARAMETER DESCRIPTION 

/d <driveletter> Specifies the drive that you want Disk Cleanup to clean. 
NOTE: The /d option is not utilized with /sagerun:n . 

/sageset:n Displays the Disk Cleanup Settings dialog box and also 
creates a registry key to store the settings that you select. The 

n value, which is stored in the registry, allows you to specify 
tasks for Disk Cleanup to run. The n value can be any 
integer value from 0 to 9999. 

/sagerun:n Runs the specified tasks that are assigned to the n value if you 
use the /sageset option. All drives on the computer are 
enumerated and the selected profile runs against each drive. 

/tuneup:n Run /sageset and /sagerun for the same n . 

/lowdisk Run with the default settings. 

/verylowdisk Run with the default settings, no user prompts. 

P Displays help at the command prompt. 

Options 


The options for the files that you can specify for Disk Cleanup by using /sageset and /sagerun include: 
e Temporary Setup Files - These are files that were created by a Setup program that is no longer running. 


e Downloaded Program Files - Downloaded program files are ActiveX controls and Java programs that are 
downloaded automatically from the Internet when you view certain pages. These files are temporarily stored 
in the Downloaded Program Files folder on the hard disk. This option includes a View Files button so that 
you can see the files before Disk Cleanup removes them. The button opens the C\Winnt\Downloaded 
Program Files folder. 


e Temporary Internet Files - The Temporary Internet Files folder contains Web pages that are stored on 
your hard disk for quick viewing. Disk Cleanup removes these page but leaves your personalized settings for 
Web pages intact. This option also includes a View Files button, which opens the C:\Documents and 
Settings\Username\Local Settings\Temporary Internet FilesVContent.IE5 folder. 


e Old Chkdsk Files - When Chkdsk checks a disk for errors, Chkdsk might save lost file fragments as files in 
the root folder on the disk. These files are unnecessary. 


e Recycle Bin - The Recycle Bin contains files that you have deleted from the computer. These files are not 
permanently removed until you empty the Recycle Bin. This option includes a View Files button that opens 
the Recycle Bin. 


Note: A Recycle Bin may appear in more than one drive, for example, not just in %SystemRoot%. 


e Temporary Files - Programs sometimes store temporary information in a Temp folder. Before a program 
quits, the program usually deletes this information. You can safely delete temporary files that have not been 
modified within the last week. 


e Temporary Offline Files - Temporary offline files are local copies of recently used network files. These 
files are automatically cached so that you can use them after you disconnect from the network. A View 
Files button opens the Offline Files folder. 


e Offline Files - Offline files are local copies of network files that you specifically want to have available 
offline so that you can use them after you disconnect from the network. A View Files button opens the 
Offline Files folder. 


e Compress Old Files - Windows can compress files that you have not used recently. Compressing files 
saves disk space, but you can still use the files. No files are deleted. Because files are compressed at different 
rates, the displayed amount of disk space that you will gain is approximate. An Options button permits you 
to specify the number of days to wait before Disk Cleanup compresses an unused file. 


e Catalog Files for the Content Indexer - The Indexing service speeds up and improves file searches by 
maintaining an index of the files that are on the disk. These Catalog files remain from a previous indexing 
operation and can be deleted safely. 


Note: Catalog File may appear in more than one drive, for example, not just in %SystemRoot% . 





NOTE 

If you specify cleaning up the drive that contains the Windows installation, all of these options are available on the Disk 
Cleanup tab. If you specify any other drive, only the Recycle Bin and the Catalog files for content index options are available 
on the Disk Cleanup tab. 





Examples 


To run the Disk Cleanup app so that you can use its dialog box to specify options for use later, saving the settings to 
the set 1, type the following: 


cleanmgr /sageset:1 
To run Disk Cleanup and include the options that you specified with the cleanmgr /sageset:1 command, type: 
cleanmgr /sagerun:1 


Torun cleanmgr /sageset:1 and cleanmgr /sagerun:1 together, type: 


cleanmgr /tuneup:1 


Additional References 


e Free up drive space in Windows 10 


e Command-Line Syntax Key 


clip 
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Redirects the command output from the command line to the Windows clipboard. You can use this command to 
copy data directly into any application that can receive text from the Clipboard. You can also paste this text output 
into other programs. 


Syntax 


<command> | clip 
clip < <filename> 


Parameters 
PARAMETER DESCRIPTION 
<command> Specifies a command whose output you want to send to the 
Windows clipboard. 
<filename> Specifies a file whose contents you want to send to the 
Windows clipboard. 
/? Displays help at the command prompt. 
Examples 


To copy the current directory listing to the Windows clipboard, type: 
dir | clip 

To copy the output of a program called generic.awk to the Windows clipboard, type: 
awk -f generic.awk input.txt | clip 

To copy the contents of a file called readme.txt to the Windows clipboard, type: 
clip < readme.txt 


Additional References 


e Command-Line Syntax Key 


cls 
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Clears the Command Prompt window. 


Syntax 











cls 
Parameters 
PARAMETER DESCRIPTION 
R Displays help at the command prompt. 
Examples 


To clear all information that appears in the Command Prompt window and return to a blank window, type: 








Additional References 


e Command-Line Syntax Key 


cmd 
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Starts a new instance of the command interpreter, Cmd.exe. If used without parameters, cmd displays the version 
and copyright information of the operating system. 


Syntax 


cmd [/c|/k] [/s] [/q] [/d] [/a|/u] [/t:{<b><f> | <f>}] [/e:{on | off}] [/f:{on | off}] [/v:{on | of F}] 


[<string>] 
Parameters 

PARAMETER DESCRIPTION 

/c Carries out the command specified by 
string and then stops. 

/k Carries out the command specified by 
string and continues. 

/s Modifies the treatment of string after /c 
or /k. 

/q Turns the echo off. 

/d Disables execution of AutoRun 
commands. 

/a Formats internal command output to a 
pipe or a file as American National 
Standards Institute (ANSI). 

/u Formats internal command output to a 
pipe or a file as Unicode. 

/t:{ <b><f> <f> } Sets the background (6) and 

foreground (f colors. 

/e:on Enables command extensions. 

/e:off Disables commands extensions. 

/f:on Enables file and directory name 
completion. 

/f:off Disables file and directory name 


completion. 


PARAMETER 


/v:on 


/v:off 


<string> 


P? 


DESCRIPTION 


Enables delayed environment variable 
expansion. 


Disables delayed environment variable 
expansion. 


Specifies the command you want to 
carry out. 


Displays help at the command prompt. 


The following table lists valid hexadecimal digits that you can use as the values for <b> and <f> : 


VALUE 


Remarks 


COLOR 


Black 


Blue 


Green 


Aqua 


Red 


Purple 


Yellow 


White 


Gray 


Light blue 


Light green 


Light aqua 


Light red 


Light purple 


Light yellow 


Bright white 


© To use multiple commands for <string> , separate them by the command separator && and enclose them 


in quotation marks. For example: 


"<command1>&8&<command2>8&8&<command3>" 


e If you specify /c or /k, cmd processes, the remainder of string, and the quotation marks are preserved only 
if all of the following conditions are met: 


o You don't also use /Ss. 

o You use exactly one set of quotation marks. 

o You don't use any special characters within the quotation marks (for example: & < > () @* |). 
o You use one or more white-space characters within the quotation marks. 

o The string within quotation marks is the name of an executable file. 


If the previous conditions aren't met, string is processed by examining the first character to verify whether it 
is an opening quotation mark. If the first character is an opening quotation mark, it is stripped along with 
the closing quotation mark. Any text following the closing quotation marks is preserved. 


e If you don't specify /d in string, Cmd.exe looks for the following registry subkeys: 
o HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\AutoRun\REG_SZ 


o HKEY_CURRENT_USER\Software\Microsoft\Command 
Processor\AutoRun\REG_EXPAND_SZ 


If one or both registry subkeys are present, they're executed before all other variables. 
Caution 


Incorrectly editing the registry may severely damage your system. Before making changes to the registry, 
you should back up any valued data on the computer. 


e You can disable command extensions for a particular process by using /e:off. You can enable or disable 
extensions for all cmd command-line options on a computer or user session by setting the following 
REG_DWORD values: 


o HKEY_LOCAL_MACHINE\Software\Microsoft\Command 
Processor\EnableExtensions\REG_DWORD 


o HKEY_CURRENT_USER\Software\Microsoft\Command 
Processor\EnableExtensions\REG_DWORD 


Set the REG_DWORD value to either 0x1 (enabled) or 0x0 (disabled) in the registry by using Regedit.exe. 
User-specified settings take precedence over computer settings, and command-line options take precedence 
over registry settings. 


Caution 
Incorrectly editing the registry may severely damage your system. Before making changes to the registry, 
you should back up any valued data on the computer. 


When you enable command extensions, the following commands are affected: 
© assoc 

o call 

o chdir (cd) 

o color 


o del (erase) 


o endlocal 

o for 

o ftype 

o goto 

o if 

o mkdir (md) 
o popd 

o prompt 

o pushd 

o set 

o setlocal 

o shift 

o start (also includes changes to external command processes) 


If you enable delayed environment variable expansion, you can use the exclamation point character to 


substitute the value of an environment variable at run time. 


File and directory name completion is not enabled by default. You can enable or disable file name 
completion for a particular process of the cmd command with /f:fon | off). You can enable or disable file 
and directory name completion for all processes of the cmd command on a computer or for a user logon 
session by setting the following REG_DWORD values: 


o HKEY_LOCAL_MACHINE\Software\Microsoft\Command 
Processor\CompletionChar\REG_DWORD 


o HKEY_LOCAL_MACHINE\Software\Microsoft\Command 
Processor\PathCompletionChar\REG_DWORD 


o HKEY_CURRENT_USER\Software\Microsoft\Command 
Processor\CompletionChar\REG_DWORD 


o HKEY_CURRENT_USER\Software\Microsoft\Command 
Processor\PathCompletionChar\REG_DWORD 


To set the REG_DWORD value, run Regedit.exe and use the hexadecimal value of a control character for a 
particular function (for example, 0x9 is TAB and 0x08 is BACKSPACE). User-specified settings take 


precedence over computer settings, and command-line options take precedence over registry settings. 


Caution 
Incorrectly editing the registry may severely damage your system. Before making changes to the registry, 


you should back up any valued data on the computer. 


If you enable file and directory name completion by using /f:on, use CTRL+D for directory name 
completion and CTRL+F for file name completion. To disable a particular completion character in the 


registry, use the value for white space [0 x 20] because it is not a valid control character. 


o Pressing CTRL+D or CTRL+F, processes the file and directory name completion. These key 
combination functions append a wildcard character to string (if one is not present), builds a list of 
paths that match, and then displays the first matching path. 


If. none of the paths match, the file and directory name completion function beeps and does not 
change the display. To move through the list of matching paths, press CTRL+D or CTRL+F 
repeatedly. To move through the list backwards, press the SHIFT key and CTRL+D or CTRL+F 
simultaneously. To discard the saved list of matching paths and generate a new list, edit string and 
press CTRL+D or CTRL+F. If you switch between CTRL+D and CTRL+F, the saved list of matching 
paths is discarded and a new list is generated. The only difference between the key combinations 
CTRL+D and CTRL+F is that CTRL+D only matches directory names and CTRL+F matches both 
file and directory names. If you use file and directory name completion on any of the built-in 


directory commands (that is, CD, MD, or RD), directory completion is assumed. 


o File and directory name completion correctly processes file names that contain white space or special 


characters if you place quotation marks around the matching path. 


o You must use quotation marks around the following special characters: & < > []{}^=;!'+,`~ 
[white space]. 


o If the information that you supply contains spaces, you must use quotation marks around the text 
(for example, "Computer Name’). 


o If you process file and directory name completion from within string, any part of the path to the right 


of the cursor is discarded (at the point in string where the completion was processed). 


Additional References 


e Command-Line Syntax Key 


cmdkey 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Creates, lists, and deletes stored user names and passwords or credentials. 


Syntax 


cmdkey [{/add:<targetname>|/generic:<targetname>}] {/smartcard | /user:<username> [/pass:<password>]) 
[/delete{:<targetname> | /ras}] /list:<targetname> 


Parameters 


PARAMETERS DESCRIPTION 


/add: <targetname> Adds a user name and password to the list. 
Requires the parameter of <targetname> which identifies 


the computer or domain name that this entry will be 
associated with. 


/generic: <targetname> Adds generic credentials to the list. 
Requires the parameter of <targetname> which identifies 


the computer or domain name that this entry will be 
associated with. 


/smartcard Retrieves the credential from a smart card. If more than one 
smart card is found on the system when this option is used, 
cmdkey displays information about all available smart cards, 
and then prompts the user to specify which one to use. 


/user: <username> Specifies the user or account name to store with this entry. If 
<username> isn't supplied, it will be requested. 


/pass: <password> Specifies the password to store with this entry. If <password> 


isn't supplied, it will be requested. Passwords are not displayed 
after they're stored. 


/delete{: <targetname> | /ras} Deletes a user name and password from the list. If 
<targetname> is specified, that entry is deleted. If /ras_ is 
specified, the stored remote access entry is deleted. 


/list: <targetname> Displays the list of stored user names and credentials. If 
<targetname> isn't specified, all stored user names and 
credentials are listed. 


/ Displays help at the command prompt. 


Examples 


To display a list of all user names and credentials that are stored, type: 
cmdkey /list 

To add a user name and password for user Mikedan to access computer Server07 with the password Kleo, type: 
cmdkey /add:server@1 /user:mikedan /pass:Kleo 


To add a user name and password for user Mikedan to access computer Server07 and prompt for the password 


whenever Server01 is accessed, type: 
cmdkey /add:server@1 /user:mikedan 

To delete a credential stored by remote access, type: 
cmdkey /delete /ras 

To delete a credential stored for Server07, type: 
cmdkey /delete:server@1 


Additional References 


e Command-Line Syntax Key 


cmstp 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Installs or removes a Connection Manager service profile. Used without optional parameters, cmstp installs a 
service profile with default settings appropriate to the operating system and to the user's permissions. 


Syntax 


Syntax 1 - This is the typical syntax used in a custom installation application. To use this syntax, you must run 
cmstp from the directory that contains the <serviceprofilefilename>.exe file. 


<serviceprofilefilename>.exe /q:a /c:cmstp.exe <serviceprofilefilename>.inf [/nf] [/s] [/u] 
Syntax 2 


cmstp.exe [/nf] [/s] [/u] [drive: ][path]serviceprofilefilename. inf 


Parameters 
PARAMETER DESCRIPTION 
<serviceprofilefilename>.exe Specifies, by name, the installation package that contains the 
profile that you want to install. 
Required for Syntax 1, but not valid for Syntax 2. 

/q:a Specifies that the profile should be installed without 
prompting the user. The verification message that the 
installation has succeeded will still appear. 

Required for Syntax 1, but not valid for Syntax 2. 

[drive:][path] <serviceprofilefilename>.inf Required. Specifies, by name, the configuration file that 
determines how the profile should be installed. 

The [drive:][path] parameter isn't valid for Syntax 1. 

/nf Specifies that the support files should not be installed. 

/s Specifies that the service profile should be installed or 
uninstalled silently (without prompting for user response or 
displaying verification message). This is the only parameter 
that you can use in combination with /u. 

/u Specifies that the service profile should be uninstalled. 


R Displays help at the command prompt. 


Examples 


To install the fiction service profile without any support files, type: 
fiction.exe /c:cmstp.exe fiction.inf /nf 

To silently install the fiction service profile for a single user, type: 
fiction.exe /c:cmstp.exe fiction.inf /s /su 


To silently uninstall the fiction service profile, type: 


fiction.exe /c:cmstp.exe fiction.inf /s /u 


Additional References 


e Command-Line Syntax Key 


color 
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Changes the foreground and background colors in the Command Prompt window for the current session. If used 
without parameters, color restores the default Command Prompt window foreground and background colors. 


Syntax 


color [[<b>]<f>] 


Parameters 
PARAMETER DESCRIPTION 
<b> Specifies the background color. 
<f> Specifies the foreground color. 
/? Displays help at the command prompt. 
Where: 


The following table lists valid hexadecimal digits that you can use as the values for <b> and <f>: 


VALUE COLOR 

0 Black 

1 Blue 

2 Green 

3 Aqua 

4 Red 

5 Purple 

6 Yellow 

7 White 

8 Gray 

9 Light blue 
a Light green 


b Light aqua 


VALUE COLOR 


c Light red 

d Light purple 

e Light yellow 

f Bright white 
Remarks 


e Don't use space characters between <b> and <f>. 


e If you specify only one hexadecimal digit, the corresponding color is used as the foreground color and the 
background color is set to the default color. 


© To set the default Command Prompt window color, select the upper-left corner of the Command Prompt 
window, select Defaults, select the Colors tab, and then select the colors that you want to use for the 
Screen Text and Screen Background. 


e |f <b> and <f> are the same color value, the ERRORLEVEL is set to 1, and no change is made to either the 
foreground or the background color. 


Examples 


To change the Command Prompt window background color to gray and the foreground color to red, type: 
color 84 
To change the Command Prompt window foreground color to light yellow, type: 


color e 





NOTE 


In this example, the background is set to the default color because only one hexadecimal digit is specified. 





Additional References 


e Command-Line Syntax Key 


comp 
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Compares the contents of two files or sets of files byte-by-byte. These files can be stored on the same drive or on 
different drives, and in the same directory or in different directories. When this command compares files, it 
displays their location and file names. If used without parameters, comp prompts you to enter the files to compare. 


Syntax 


comp [<data1>] [<data2>] [/d] [/a] [/1] [/n=<number>] [/c] 


Parameters 
PARAMETER DESCRIPTION 
<data1> Specifies the location and name of the first file or set of files 
that you want to compare. You can use wildcard characters (* 
and ?) to specify multiple files. 
<data2> Specifies the location and name of the second file or set of files 
that you want to compare. You can use wildcard characters (* 
and ?) to specify multiple files. 
/d Displays differences in decimal format. (The default format is 
hexadecimal.) 
/a Displays differences as characters. 
Å Displays the number of the line where a difference occurs, 
instead of displaying the byte offset. 
/n= <number> Compares only the number of lines that are specified for each 
file, even if the files are different sizes. 
/c Performs a comparison that is not case-sensitive. 
/off[line] Processes files with the offline attribute set. 
/ Displays Help at the command prompt. 
Remarks 


e During the comparison, comp displays messages that identify the locations of unequal information between 
the files. Each message indicates the offset memory address of the unequal bytes and the contents of the 
bytes (in hexadecimal notation unless the /a or /d command-line parameter is specified). Messages appear 
in the following format: 


Compare error at OFFSET xxxxxxxx 
filel = xx 
file2 = xx 
After ten unequal comparisons, comp stops comparing the files and displays the following message: 


10 Mismatches - ending compare 


e If you omit necessary components of either data7 or data2, or if you omit data? entirely, this command 


prompts you for the missing information. 


e If data? contains only a drive letter or a directory name with no file name, this command compares all of the 


files in the specified directory to the file specified in data1. 


e If data? contains only a drive letter or a directory name, the default file name for data2 becomes the same 


name as for data1. 


e Ifthe comp command can't find the specified files, it will prompt you with a message about whether you 


want to compare additional files. 


e The files that you compare can have the same file name, provided they're in different directories or on 
different drives. You can use wildcard characters (* and ?) to specify file names. 


e You must specify /n to compare files of different sizes. If the file sizes are different and /n isn't specified, the 


following message is displayed: 


Files are different sizes 
Compare more files (Y/N)? 


To compare these files anyway, press N to stop the command. Then, run the comp command again, using 
the /n option to compare only the first portion of each file. 


e If you use wildcard characters (* and ?) to specify multiple files, comp finds the first file that matches data? 
and compares it with the corresponding file in data2, if it exists. The comp command reports the results of 
the comparison for each file matching data7. When finished, comp displays the following message: 


Compare more files (Y/N)? 


To compare more files, press Y. The comp command prompts you for the locations and names of the new 
files. To stop the comparisons, press N. When you press Y, you're prompted for which command-line 
options to use. If you don't specify any command-line options, comp uses the ones you specified before. 


Examples 


To compare the contents of the directory c:\reports with the backup directory \\sales\backup\april , type: 
comp c:\reports \\sales\backup\april 

To compare the first ten lines of the text files in the \/nvoice directory and display the result in decimal format, type: 
comp \invoice\*.txt \invoice\backup\*.txt /n=10 /d 


Additional References 


e Command-Line Syntax Key 


compact 
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Displays or alters the compression of files or directories on NTFS partitions. If used without parameters, compact 
displays the compression state of the current directory and the files it contains. 


Syntax 


compact [/c | /u] [/s[:<dir>]] [/a] [/i] [/f] [/q] [<filename>[...]] 


Parameters 

PARAMETER DESCRIPTION 

/c Compresses the specified directory or file. 

/u Uncompresses the specified directory or file. 

/s[: <dir> ] Applies the compact command to all subdirectories of the 
specified directory (or of the current directory if none is 
specified). 

/a Displays hidden or system files. 

/i Ignores errors. 

/f Forces compression or uncompression of the specified 
directory or file. /f is used in the case of a file that was partly 
compressed when the operation was interrupted by a system 
crash. To force the file to be compressed in its entirety, use the 
/c and /f parameters and specify the partially compressed file. 

/q Reports only the most essential information. 

<filename> Specifies the file or directory. You can use multiple file names, 
and the * and ? wildcard characters. 

/ Displays help at the command prompt. 

Remarks 


e This command is the command-line version of the NTFS file system compression feature. The compression 
state of a directory indicates whether files are automatically compressed when they are added to the 
directory. Setting the compression state of a directory does not necessarily change the compression state of 
files that are already in the directory. 


e You can't use this command to read, write, or mount volumes compressed using DriveSpace or 


DoubleSpace. You also can't use this command to compress file allocation table (FAT) or FAT32 partitions. 


Examples 


To set the compression state of the current directory, its subdirectories, and existing files, type: 


compact /c /s 


To set the compression state of files and subdirectories within the current directory, without altering the 
compression state of the current directory itself, type: 


compact Ve AS =. 


To compress a volume, from the root directory of the volume, type: 


compact /c /i /s:N 





NOTE 


This example sets the compression state of all directories (including the root directory on the volume) and compresses every 


file on the volume. The /i parameter prevents error messages from interrupting the compression process. 





To compress all files with the .bmp file name extension in the \tmp directory and all subdirectories of \tmp, without 
modifying the compressed attribute of the directories, type: 


compact /c /s:\tmp *.bmp 
To force complete compression of the file zebra.bmp, which was partially compressed during a system crash, type: 


compact /c /f zebra.bmp 


To remove the compressed attribute from the directory c:\\tmp, without changing the compression state of any files 
in that directory, type: 


compact /u c:\tmp 


Additional References 


e Command-Line Syntax Key 


compact vdisk 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Reduces the physical size of a dynamically expanding virtual hard disk (VHD) file. This parameter is useful because 
dynamically expanding VHDs increase in size as you add files, but they do not automatically reduce in size when 
you delete files. 


Syntax 


compact vdisk 


Remarks 


e A dynamically expanding VHD must be selected for this operation to succeed. Use the select vdisk 
command to select a VHD and shift the focus to it. 


e You can only use compact dynamically expanding VHDs that are detached or attached as read-only. 


Additional References 
e Command-Line Syntax Key 

e attach vdisk command 

e detail vdisk command 

e Detach vdisk command 

e expand vdisk command 

e Merge vdisk command 

e select vdisk command 


e list command 


convert 
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Converts a disk from one disk type to another. 


Syntax 


convert basic 
convert dynamic 
convert gpt 
convert mbr 


Parameters 

PARAMETER DESCRIPTION 

convert basic command Converts an empty dynamic disk into a basic disk. 

convert dynamic command Converts a basic disk into a dynamic disk. 

convert gpt command Converts an empty basic disk with the master boot record 
(MBR) partition style into a basic disk with the GUID partition 
table (GPT) partition style. 

convert mbr command Converts an empty basic disk with the GUID Partition Table 


(GPT) partition style into a basic disk with the master boot 
record (MBR) partition style. 


Additional References 


e Command-Line Syntax Key 


convert basic 
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Converts an empty dynamic disk to a basic disk. A dynamic disk must be selected for this operation to succeed. 
Use the select disk command to select a dynamic disk and shift the focus to it. 


IMPORTANT 


The disk must be empty to convert it to a basic disk. Back up your data, and then delete all partitions or volumes before 
converting the disk. 








NOTE 


For instructions regarding how to use this command, see Change a Dynamic Disk Back to a Basic Disk). 





Syntax 


convert basic [noerr] 


Parameters 
PARAMETER DESCRIPTION 
noerr For scripting only. When an error is encountered, DiskPart 
continues to process commands as if the error did not occur. 
Without this parameter, an error causes DiskPart to exit with 
an error code. 
Examples 


To convert the selected dynamic disk to basic, type: 


convert basic 


Additional References 


e Command-Line Syntax Key 


e convert command 


convert dynamic 
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Converts a basic disk into a dynamic disk. A basic disk must be selected for this operation to succeed. Use the 
select disk command to select a basic disk and shift the focus to it. 





NOTE 


For instructions regarding how to use this command, see Change a Dynamic Disk Back to a Basic Disk). 





Syntax 


convert dynamic [noerr] 


Parameters 
PARAMETER DESCRIPTION 
noerr For scripting only. When an error is encountered, DiskPart 
continues to process commands as if the error did not occur. 
Without this parameter, an error causes DiskPart to exit with 
an error code. 
Remarks 


e Any existing partitions on the basic disk become simple volumes. 


Examples 


To convert a basic disk into a dynamic disk, type: 


convert dynamic 
Additional References 


e Command-Line Syntax Key 


e convert command 


convert gpt 
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Converts an empty basic disk with the master boot record (MBR) partition style into a basic disk with the GUID 
partition table (GPT) partition style. A basic MBR disk must be selected for this operation to succeed. Use the select 
disk command to select a basic disk and shift the focus to it. 





IMPORTANT 


The disk must be empty to convert it to a basic disk. Back up your data, and then delete all partitions or volumes before 
converting the disk. The required minimum disk size for conversion to GPT is 128 megabytes. 


NOTE 


For instructions regarding how to use this command, see Change a Master Boot Record Disk into a GUID Partition Table 
Disk. 





Syntax 


convert gpt [noerr] 


Parameters 
PARAMETER DESCRIPTION 
noerr For scripting only. When an error is encountered, DiskPart 
continues to process commands as if the error did not occur. 
Without this parameter, an error causes DiskPart to exit with 
an error code. 
Examples 


To convert a basic disc from MBR partition style to GPT partition style, type: 


convert gpt 


Additional References 


e Command-Line Syntax Key 


e convert command 


convert mbr 
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Converts an empty basic disk with the GUID Partition Table (GPT) partition style into a basic disk with the master 
boot record (MBR) partition style. A basic disk must be selected for this operation to succeed. Use the select disk 
command to select a basic disk and shift the focus to it. 





IMPORTANT 


The disk must be empty to convert it to a basic disk. Back up your data, and then delete all partitions or volumes before 
converting the disk. 


NOTE 


For instructions regarding how to use this command, see Change a GUID Partition Table Disk into a Master Boot Record 
Disk. 





Syntax 


convert mbr [noerr] 


Parameters 
PARAMETER DESCRIPTION 
noerr For scripting only. When an error is encountered, DiskPart 
continues to process commands as if the error did not occur. 
Without this parameter, an error causes DiskPart to exit with 
an error code. 
Examples 


To convert a basic disc from GPT partition style to MBR partition style, type>: 


convert mbr 


Additional References 


e Command-Line Syntax Key 


e convert command 


copy 
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Copies one or more files from one location to another. 





NOTE 


You can also use the copy command, with different parameters, from the Recovery Console. For more information about the 
recovery console, see Windows Recovery Environment (Windows RE). 








Syntax 


copy [/d] [/v] [/n] [/y | /-y] [/z] [/a | /b] <source> [/a | /b] [+<source> [/a | /b] [+ ...]] [<destination> 
[/a | /b]] 


Parameters 

PARAMETER DESCRIPTION 

/d Allows the encrypted files being copied to be saved as 
decrypted files at the destination. 

N Verifies that new files are written correctly. 

/n Uses a short file name, if available, when copying a file with a 
name longer than eight characters, or with a file name 
extension longer than three characters. 

/y Suppresses prompting to confirm that you want to overwrite 
an existing destination file. 

/-y Prompts you to confirm that you want to overwrite an 
existing destination file. 

/z Copies networked files in restartable mode. 

Ja Indicates an ASCII text file. 

/b Indicates a binary file. 

<source> Required. Specifies the location from which you want to copy a 
file or set of files. Source can consist of a drive letter and 
colon, a directory name, a file name, or a combination of 
these, 

<destination> Required. Specifies the location to which you want to copy a 


file or set of files. Destination can consist of a drive letter and 
colon, a directory name, a file name, or a combination of 
these. 


PARAMETER DESCRIPTION 


R Displays help at the command prompt. 
Remarks 
e You can copy an ASCII text file that uses an end-of-file character (CTRL+Z) to indicate the end of the file. 


If /a precedes or follows a list of files on the command line, it applies to all files listed until copy encounters 
/b. In this case, /b applies to the file preceding /b. 


The effect of /a depends on its position in the command-line string: - If /a follows source, the copy 
command treats the file as an ASCII file and copies data that precedes the first end-of-file character 
(CTRL+Z). - If /a follows destination, the copy command adds an end-of-file character (CTRL+Z) as the last 
character of the file. 


If /b directs the command interpreter to read the number of bytes specified by the file size in the directory. 
/b is the default value for copy, unless copy combines files. 


If /b precedes or follows a list of files on the command line, it applies to all listed files until copy encounters 
/a.\n this case, /a applies to the file preceding /a. 


The effect of /b depends on its position in the command-line string: - If /b follows source the copy 
command copies the entire file, including any end-of-file character (CTRL+Z). - If /b follows destination, the 
copy command doesn't add an end-of-file character (CTRL+Z). 


If a write operation cannot be verified, an error message appears. Although recording errors rarely occur 
with the copy command, you can use /V to verify that critical data has been correctly recorded. The /v 
command-line option also slows down the copy command, because each sector recorded on the disk must 
be checked. 


If /y is preset in the COPYCMD environment variable, you can override this setting by using /-y at the 
command line. By default, you are prompted when you replace this setting, unless the copy command is 
executed in a batch script. 


To append files, specify a single file for destination, but multiple files for source (use wildcard characters or 
fileT+ file2+ file3 format). 


If the connection is lost during the copy phase (for example, if the server going offline breaks the 
connection), you can use copy /z to resume after the connection is re-established. The /z option also 
displays the percentage of the copy operation that is completed for each file. 


You can substitute a device name for one or more occurrences of source or destination. 


If destination is a device (for example, Com1 or Lpt1), the /b option copies data to the device in binary 
mode. In binary mode, copy /b copies all characters (including special characters such as CTRL+C, CTRL+S, 
CTRL+Z, and ENTER) to the device, as data. However, if you omit /b, the data is copied to the device in ASCII 
mode. In ASCII mode, special characters might cause files to combine during the copying process. 


If you don't specify a destination file, a copy is created with the same name, modified date, and modified 
time as the original file. The new copy is stored in the current directory on the current drive. If the source file 
is on the current drive and in the current directory and you do not specify a different drive or directory for 
the destination file, the copy command stops and displays the following error message: 


File cannot be copied onto itself 
© File(s) copied 


If you specify more than one file in source, the copy command combines them all into a single file using the 


file name specified in destination. The copy command assumes the combined files are ASCII files unless 
you use the /b option. 


e To copy files that are 0 bytes long, or to copy all of a directory's files and subdirectories, use the xcopy 


command. 


e To assign the current time and date to a file without modifying the file, use the following syntax: 
copy /b <source> +,, 


Where the commas indicate that the destination parameter has been intentionally left out. 


Examples 


To copy a file called memo.docto /etterdocin the current drive and ensure that an end-of-file character (CTRL+Z) is 
at the end of the copied file, type: 


copy memo.doc letter.doc /a 


To copy a file named robin.typ from the current drive and directory to an existing directory named Birds that is 


located on drive C, type: 


copy robin.typ c:\birds 





NOTE 


If the Birds directory doesn't exist, the file robin.typ is copied into a file named Birds that is located in the root directory on 
the disk in drive C. 








To combine Mar89.rpt Apr89.rpt and May89.rpt which are located in the current directory, and place them in a file 
named Report (also in the current directory), type: 


copy mar89.rpt + apr89.rpt + may89.rpt Report 


NOTE 


If you combine files, the copy command marks the destination file with the current date and time. If you omit destination, 


the files are combined and stored under the name of the first file in the list. 





To combine all files in Report when a file named Report already exists, type: 


copy report + mar89.rpt + apr89.rpt + may89.rpt 


To combine all files in the current directory that have the .txt file name extension into a single file named 
Combined.doc, type: 


copy *.txt Combined.doc 


To combine several binary files into one file by using wildcard characters, include /b. This prevents Windows from 
treating CTRL+Z as an end-of-file character. For example, type: 


copy /b *.exe Combined.exe 


Caution 


If you combine binary files, the resulting file might be unusable due to internal formatting. 


e Combining each file that has a .txt extension with its corresponding .ref file creates a file with the same file 
name, but with a .doc extension. The Copy command combines fi/e7.txt with file7.refto form file7.doc and then 
the command combines fi/e2.txt with file2.refto form file2.doc and so on. For example, type: 


copy *.txt + *.ref *.doc 


To combine all files with the txt extension, and then to combine all files with the .ref extension into one file named 
Combined.doc, type: 


copy *.txt + *.ref Combined.doc 
Additional References 


e Command-Line Syntax Key 


e xcopy command 


cprofile 
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Cprofile is deprecated and is not guaranteed to be supported in future releases of Windows. 


Terminal Services has been updated to Remote Desktop Services. For more information, see Welcome to Remote 
Desktop Services. 


create 
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Creates a partition or shadow on a disk, a volume on one or more disks, or a virtual hard disk (VHD). If you're 


using this command to create a volume on the shadow disk, you must already have at least one volume in the 


shadow copy set. 


Syntax 


create partition 
create volume 


Parameters 
PARAMETER 


create partition primary command 


create partition efi command 


create partition extended command 
create partition logical command 


create partition msr command 


create volume simple command 


create volume mirror command 
create volume raid command 


create volume stripe command 


Additional References 


e Command-Line Syntax Key 


DESCRIPTION 


Creates a primary partition on the basic disk with focus. 


Creates an Extensible Firmware Interface (EFI) system 
partition on a GUID Partition Table (gpt) disk on Itanium- 
based computers. 


Creates an extended partition on the disk with focus. 


Creates a logical partition in an existing extended partition. 


Creates a Microsoft Reserved (MSR) partition on a GUID 
partition table (gpt) disk. 


Creates a simple volume on the specified dynamic disk. 


Creates a volume mirror by using the two specified dynamic 
disks. 


Creates a RAID-5 volume using three or more specified 
dynamic disks. 


Creates a striped volume using two or more specified 
dynamic disks. 


create partition efi 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Creates an Extensible Firmware Interface (EFI) system partition on a GUID Partition Table (gpt) disk on Itanium- 
based computers. After the partition is created, the focus is given to the new partition. 





NOTE 


A gpt disk must be selected for this operation to succeed. Use the select disk command to select a disk and shift the focus to 
it. 





Syntax 


create partition efi [size=<n>] [offset=<n>] [noerr] 


Parameters 
PARAMETER DESCRIPTION 
size= <n> The size of the partition in megabytes (MB). If no size is given, 
the partition continues until there is no more free space in the 
current region. 
offset= <n> The offset in kilobytes (KB), at which the partition is created. If 
no offset is given, the partition is placed in the first disk extent 
that is large enough to hold it. 
noerr For scripting only. When an error is encountered, DiskPart 
continues to process commands as if the error did not occur. 
Without this parameter, an error causes DiskPart to exit with 
an error code. 
Remarks 


e You must add at least one volume with the add volume command before you can use the create 
command. 


e After you run the create command, you can use the exec command to run a duplication script for backup 
from the shadow copy. 


e You can use the begin backup command to specify a full backup, rather than a copy backup. 


Examples 


To create an EFI partition of 1000 megabytes on the selected disk, type: 


create partition efi size=1000 


Additional References 
e Command-Line Syntax Key 
e create command 


e select disk 


create partition logical 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Creates a logical partition on an existing extended partition. After the partition has been created, the focus 
automatically shifts to the new partition. 


IMPORTANT 


You can use this command only on Master Boot Record (MBR) disks. You must use the select disk command to select a basic 
MBR disk and shift the focus to it. 


You must create an extended partition before you can create logical drives. 





Syntax 


create partition logical [size=<n>] [offset=<n>] [align=<n>] [noerr] 


Parameters 


PARAMETER DESCRIPTION 


size= <n> Specifies the size of the logical partition in megabytes (MB), 
which must be smaller than the extended partition. If no size 
is given, the partition continues until there is no more free 
space in the extended partition. 


offset= <n> Specifies the offset in kilobytes (KB), at which the partition is 
created. The offset rounds up to completely fill whatever 
cylinder size is used. If no offset is given, then the partition is 
placed in the first disk extent that is large enough to hold it. 
The partition is at least as long in bytes as the number 
specified by size= <n> . If you specify a size for the logical 
partition, it must be smaller than the extended partition. 


align= <n> Aligns all volume or partition extents to the closest alignment 
boundary. Typically used with hardware RAID Logical Unit 
Number (LUN) arrays to improve performance. <n> is the 
number of kilobytes (KB) from the beginning of the disk to the 
closest alignment boundary. 


noerr For scripting only. When an error is encountered, DiskPart 
continues to process commands as if the error did not occur. 
Without this parameter, an error causes DiskPart to exit with 
an error code. 


Remarks 


e Ifthe size and offset parameters aren't specified, the logical partition is created in the largest disk extent 
available in the extended partition. 


Examples 


To create a logical partition of 1000 megabytes in size, in the extended partition of the selected disk, type: 


create partition logical size=1000 


Additional References 
e Command-Line Syntax Key 
e create command 


e select disk 


eget KN oe ae aa 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Creates a Microsoft Reserved (MSR) partition on a GUID partition table (gpt) disk. A Microsoft Reserved partition 
is required on every gpt disk. The size of this partition depends on the total size of the gpt disk. The size of the gpt 
disk must be at least 32 MB to create a Microsoft Reserved partition. 





IMPORTANT 
Be very careful when using this command. Because gpt disks require a specific partition layout, creating Microsoft Reserved 


partitions can cause the disk to become unreadable. 


A basic gpt disk must be selected for this operation to succeed. You must use the select disk command to select a basic gpt 
disk and shift the focus to it. 





Syntax 


create partition msr [size=<n>] [offset=<n>] [noerr] 


Parameters 
PARAMETER DESCRIPTION 
size= <n> The size of the partition in megabytes (MB). The partition is at 
least as long in bytes as the number specified by <n> . If no 
size is given, the partition continues until there is no more 
free space in the current region. 
offset= <n> Specifies the offset in kilobytes (KB), at which the partition is 
created. The offset rounds up to completely fill whatever 
sector size is used. If no offset is given, the partition is placed 
in the first disk extent that is large enough to hold it. 
noerr For scripting only. When an error is encountered, DiskPart 
continues to process commands as if the error did not occur. 
Without this parameter, an error causes DiskPart to exit with 
an error code. 
Remarks 


e On gpt disks that are used to boot the Windows operating system, the Extensible Firmware Interface (EFI) 
system partition is the first partition on the disk, followed by the Microsoft Reserved partition. gpt disks 
that are used only for data storage do not have an EFI system partition, in which case the Microsoft 
Reserved partition is the first partition. 


e Windows doesn't mount Microsoft Reserved partitions. You cannot store data on them and you cannot 
delete them. 


Examples 


To create a Microsoft Reserved partition of 1000 megabytes in size, type: 


create partition msr size=1000 


Additional References 
e Command-Line Syntax Key 
e create command 


e select disk 


create partition primary 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Creates a primary partition on the basic disk with focus. After the partition has been created, the focus 
automatically shifts to the new partition. 





IMPORTANT 


A basic disk must be selected for this operation to succeed. You must use the select disk command to select a basic disk and 
shift the focus to it. 





Syntax 


create partition primary [size=<n>] [offset=<n>] [id={ <byte> | <guid> }] [align=<n>] [noerr] 


Parameters 

PARAMETER DESCRIPTION 

size= <n> Specifies the size of the partition in megabytes (MB). If no size 
is given, the partition continues until there is no more 
unallocated space in the current region. 

offset= <n> The offset in kilobytes (KB), at which the partition is created. If 
no offset is given, the partition will start at the beginning of 
the largest disk extent that is large enough to hold it. 

align= <n> Aligns all partition extents to the closest alignment boundary. 


Typically used with hardware RAID Logical Unit Number (LUN) 
arrays to improve performance. <n> is the number of 
kilobytes (KB) from the beginning of the disk to the closest 
alignment boundary. 


PARAMETER 


id={ <byte> | <guid> ) 


noerr 


Examples 


To create a primary partition of 1000 megabytes in size, type: 


create partition primary size=1000 


Additional References 


DESCRIPTION 


Specifies the partition type. This parameter is intended for 
original equipment manufacturer (OEM) use only. Any 
partition type byte or GUID can be specified with this 
parameter. DiskPart doesn't check the partition type for 
validity except to ensure that it is a byte in hexadecimal form 
or a GUID. Caution: Creating partitions with this parameter 
might cause your computer to fail or be unable to start up. 
Unless you are an OEM or an IT professional experienced with 
gpt disks, do not create partitions on gpt disks using this 
parameter. Instead, always use the create partition efi 
command to create EFI System partitions, the create partition 
msr command to create Microsoft Reserved partitions, and 
the create partition primary) command (without the 

id={ <byte> | <guid> parameter) to create primary 
partitions on gpt disks. 


For master boot record (MBR) disks, you must 
specify a partition type byte, in hexadecimal form, for the 
partition. If this parameter isn't specified, the command 
creates a partition of type e@xe6 , which specifies that a 
file system isn't installed. Examples include: 


e LDM data partition: 0x42 

* Recovery partition: 0x27 

e Recognized OEM partition: 0x12, 0x84, OxDE, OxFE, 
OxAO 


For GUID partition table (gpt) disks, you can specify 
a partition type GUID for the partition that you want to 
create. Recognized GUIDs include: 


e EFI system partition: c12a7328-f81f11d2-ba4b- 
00a0c93ec93b 

e Microsoft Reserved partition: e3c9e316-0b5c- 
4db8-817d-f92df00215ae 

* Basic data partition: ebd0a0a2-b9e5-4433-87c0- 
68b6b72699c7 

e LDM metadata partition (dynamic disk): 
5808c8aa-7e8f-42e0-85d2-e1e90434cfb3 

e LDM data partition (dynamic disk): af9b60a0- 
1431-4f62-bc68-3311714a69ad 

e Recovery partition: de94bba4-06d1-4d40-a16a- 
bfd50179d6ac 


If this parameter isn't specified for a gpt disk, the 
command creates a basic data partition. 


For scripting only. When an error is encountered, DiskPart 
continues to process commands as if the error did not occur. 
Without the noerr parameter, an error causes DiskPart to exit 
with an error code. 


Command-Line Syntax Key 
assign command 
create command 


select disk 


create volume mirror 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Creates a volume mirror by using the two specified dynamic disks. After the volume has been created, the focus 
automatically shifts to the new volume. 


Syntax 


create volume mirror [size=<n>] disk=<n>,<n>[,<n>,...] [align=<n>] [noerr] 


Parameters 


PARAMETER DESCRIPTION 


size= <n> Specifies the amount of disk space, in megabytes (MB), that 
the volume will occupy on each disk. If no size is given, the 
new volume takes up the remaining free space on the smallest 
disk and an equal amount of space on each subsequent disk. 


disk=| <n> || <n> |] ,<n>,... | Specifies the dynamic disks on which the mirror volume is 
created. You need two dynamic disks to create a mirror 
volume. An amount of space that is equal to the size specified 
with the size parameter is allocated on each disk. 


align= <n> Aligns all volume extents to the closest alignment boundary. 
This parameter is typically used with hardware RAID logical 
unit number (LUN) arrays to improve performance. <n> is 
the number of kilobytes (KB) from the beginning of the disk to 
the closest alignment boundary. 


noerr For scripting only. When an error is encountered, DiskPart 
continues to process commands as if the error did not occur. 
Without this parameter, an error causes DiskPart to exit with 
an error. 


Examples 
To create a mirrored volume of 1000 megabytes in size, on disks 1 and 2, type: 


create volume mirror size=1000 disk=1,2 
Additional References 


e Command-Line Syntax Key 


e create command 


create volume raid 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Creates a RAID-5 volume using three or more specified dynamic disks. After you create the volume, the focus 
automatically shifts to the new volume. 


Syntax 


create volume raid [size=<n>] disk=<n>,<n>,<n>[,<n>,...] [align=<n>] [noerr] 


Parameters 


PARAMETER DESCRIPTION 


size= <n> The amount of disk space, in megabytes (MB), that the 
volume will occupy on each disk. If no size is given, the largest 
possible RAID-5 volume will be created. The disk with the 
smallest available contiguous free space determines the size 
for the RAID-5 volume and the same amount of space is 
allocated from each disk. The actual amount of usable disk 
space in the RAID-5 volume is less than the combined 
amount of disk space because some of the disk space is 
required for parity. 


disk= <n>,<n>,<n>[,<n>,...] The dynamic disks on which to create the RAID-5 volume. You 
need at least three dynamic disks in order to create a RAID-5 
volume. An amount of space equal to size=<n> is allocated 
on each disk. 


align= <n> Aligns all volume extents to the closest alignment boundary. 
Typically used with hardware RAID Logical Unit Number (LUN) 
arrays to improve performance. <n> is the number of 
kilobytes (KB) from the beginning of the disk to the closest 
alignment boundary. 


noerr For scripting only. When an error is encountered, DiskPart 
continues to process commands as if the error did not occur. 
Without this parameter, an error causes DiskPart to exit with 
an error code. 


Examples 


To create a RAID-5 volume of 1000 megabytes in size, using disks 1, 2 and 3, type: 


create volume raid size=1000 disk=1,2,3 


Additional References 


e Command-Line Syntax Key 


e create command 


create volume simple 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Creates a simple volume on the specified dynamic disk. After you create the volume, the focus automatically shifts 
to the new volume. 


Syntax 


create volume simple [size=<n>] [disk=<n>] [align=<n>] [noerr] 


Parameters 
PARAMETER DESCRIPTION 
size= <n> The size of the volume in megabytes (MB). If no size is given, 
the new volume takes up the remaining free space on the 
disk. 
disk= <n> The dynamic disk on which the volume is created. If no disk is 
specified, the current disk is used. 
align= <n> Aligns all volume extents to the closest alignment boundary. 
Typically used with hardware RAID Logical Unit Number (LUN) 
arrays to improve performance. <n> is the number of 
kilobytes (KB) from the beginning of the disk to the closest 
alignment boundary. 
noerr For scripting only. When an error is encountered, DiskPart 
continues to process commands as if the error did not occur. 
Without this parameter, an error causes DiskPart to exit with 
an error code. 
Examples 


To create a volume of 1000 megabytes in size, on disk 1, type: 


create volume simple size=1000 disk=1 
Additional References 


e Command-Line Syntax Key 


è create command 


create volume stripe 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Creates a striped volume using two or more specified dynamic disks. After you create the volume, the focus 
automatically shifts to the new volume. 


Syntax 


create volume stripe [size=<n>] disk=<n>,<n>[,<n>,...] [align=<n>] [noerr] 


Parameters 


PARAMETER DESCRIPTION 


size= <n> The amount of disk space, in megabytes (MB), that the 
volume will occupy on each disk. If no size is given, the new 
volume takes up the remaining free space on the smallest disk 
and an equal amount of space on each subsequent disk. 


disk= <n>,<n>[,<n>,...] The dynamic disks on which the striped volume is created. You 
need at least two dynamic disks to create a striped volume. 
An amount of space equal to size=<n>_ is allocated on each 
disk. 


align= <n> Aligns all volume extents to the closest alignment boundary. 
Typically used with hardware RAID Logical Unit Number (LUN) 
arrays to improve performance. <n> is the number of 
kilobytes (KB) from the beginning of the disk to the closest 
alignment boundary. 


noerr For scripting only. When an error is encountered, DiskPart 
continues to process commands as if the error did not occur. 
Without this parameter, an error causes DiskPart to exit with 
an error code. 


Examples 
To create a striped volume of 1000 megabytes in size, on disks 1 and 2, type: 


create volume stripe size=1000 disk=1,2 
Additional References 


e Command-Line Syntax Key 


e create command 


cscript 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Starts a script to run in a command-line environment. 





IMPORTANT 


Performing this task does not require you to have administrative credentials. Therefore, as a security best practice, consider 


performing this task as a user without administrative credentials. 





Syntax 


cscript <scriptname.extension> [/b] [/d] [/e:<engine>] [{/h:cscript | /h:wscript}] [/i] [/job:<identifier>] 
[{/logo | /nologo}] [/s] [/t:<seconds>] [x] [/u] [/?] [<scriptarguments>] 


Parameters 

PARAMETER DESCRIPTION 

scriptname.extension Specifies the path and file name of the script file with optional 
file name extension. 

/b Specifies batch mode, which does not display alerts, scripting 
errors, or input prompts. 

/d Starts the debugger. 

/e: <engine> Specifies the engine that is used to run the script. 

/h:cscript Registers cscript.exe as the default script host for running 
scripts. 

/h:wscript Registers wscript.exe as the default script host for running 
scripts. This is the default. 

fi Specifies interactive mode, which displays alerts, scripting 
errors, and input prompts. This is the default and the opposite 
of /b. 

/job: Runs the job identified by identifier in a .wsf script file. 

/logo Specifies that the Windows Script Host banner is displayed in 


the console before the script runs. This is the default and the 
opposite of /nologo . 


PARAMETER DESCRIPTION 


/nologo Specifies that the Windows Script Host banner is not displayed 
before the script runs. 


/s Saves the current command-prompt options for the current 
user. 

/t: Specifies the maximum time the script can run (in seconds). 
You can specify up to 32,767 seconds. The default is no time 
limit. 

/u Specifies Unicode for input and output that is redirected from 
the console. 

/x Starts the script in the debugger. 

/? Displays available command parameters and provides help for 


using them. This is the same as typing cscript.exe with no 
parameters and no script. 


scriptarguments Specifies the arguments passed to the script. Each script 
argument must be preceded by a slash (/). 


Remarks 

e Each parameter is optional; however, you can't specify script arguments without specifying a script. If you 
don't specify a script or any script arguments, cscript.exe displays the cscript.exe syntax and the valid host 
options. 


e The /t parameter prevents excessive running of scripts by setting a timer. When the run time exceeds the 
specified value, cscript interrupts the script engine and ends the process. 


e Windows script files usually have one of the following file name extensions: .wsf, .vbs, .js. Windows Script 


Host can use wsf script files. Each .wsf file can use multiple scripting engines and perform multiple jobs. 


e if you double-click a script file with an extension that has no association, the Open With dialog box 
appears. Select wscript or cscript, and then select Always use this program to open this file type. This 
registers wscript.exe or cscript as the default script host for files of this file type. 


Additional References 


e Command-Line Syntax Key 


date 
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Displays or sets the system date. If used without parameters, date displays the current system date setting and 
prompts you to enter a new date. 





IMPORTANT 


You must be an administrator to use this command. 





Syntax 


date [/t | <month-day-year>] 


Parameters 
PARAMETER DESCRIPTION 
<month-day-year> Sets the date specified, where month is the month (one or two 
digits, including values 1 through 12), day is the day (one or 
two digits, including values 1 through 31), and year is the year 
(two or four digits, including the values 00 through 99 or 
1980 through 2099). You must separate values for month, 
day, and year with periods (.), hyphens (-), or slash marks (/). 
Note: Be aware that if you use 2 digits to represent the 
year, the values 80-99 correspond to 1980 through 1999. 
/t Displays the current date without prompting you for a new 
date. 
/? Displays help at the command prompt. 
Examples 


If command extensions are enabled, to display the current system date, type: 


date /t 


To change the current system date to August 3, 2007, you can type any of the following: 


date 08.03.2007 
date 08-03-07 
date 8/3/07 


To display the current system date, followed by a prompt to enter a new date, type: 


The current date is: Mon 04/02/2007 
Enter the new date: (mm-dd-yyyy) 


To keep the current date and return to the command prompt, press ENTER. To change the current date, type the 
new date and then press ENTER. 


Additional References 


e Command-Line Syntax Key 


dcgpotix 
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Recreates the default Group Policy Objects (GPOs) for a domain. To get to the Group Policy Management Console 
(GPMC), you must install Group Policy Management as a feature through Server Manager. 


IMPORTANT 


As a best practice, you should configure the Default Domain Policy GPO only to manage the default Account Policies 


settings, Password Policy, Account Lockout Policy, and Kerberos Policy. Additionally, you should configure the Default Domain 
Controllers Policy GPO only to set user rights and audit policies. 





Syntax 


dcgpofix [/ignoreschema] [/target: {domain | dc | both}] [/?] 


Parameters 
PARAMETER DESCRIPTION 
/ignoreschema Ignores the version of the Active Directory schema when you 
run this command. Otherwise, the command only works on 
the same schema version as the Windows version in which the 
command was shipped. 
/target {domain | dc | both Specifies whether to target the Default Domain policy, the 
Default Domain Controllers policy, or both types of policies. 
R Displays Help at the command prompt. 
Examples 


To manage the default Account Policies settings, Password Policy, Account Lockout Policy, and Kerberos Policy, 
while ignoring the Active Directory schema version, type: 


dcgpofix /ignoreschema /target:domain 


To configure the Default Domain Controllers Policy GPO only to set user rights and audit policies, while ignoring 
the Active Directory schema version, type: 


dcgpofix /ignoreschema /target:dc 


Additional References 


e Command-Line Syntax Key 


defrag 
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Applies to: Windows 10, Windows Server (Semi-Annual Channel), Windows Server 2016, Windows Server 
2012 R2, Windows Server 2012 
Locates and consolidates fragmented files on local volumes to improve system performance. 


Membership in the local Administrators group, or equivalent, is the minimum required to run this command. 


Syntax 


defrag <volumes> | /c | /e <volumes> [/h] [/m [n]] [/u] [v]] 
defrag <volumes> | /c | /e <volumes> /a [/h] [/m [n]| [/u] [v]] 
defrag <volumes> | /c | /e <volumes> /x [/h] [/m [n]| [/u] [v]] 
defrag <volume> [<parameters>] 


Parameters 
PARAMETER DESCRIPTION 
<volume> Specifies the drive letter or mount point path of the volume to 

be defragmented or analyzed. 

/a Perform analysis on the specified volumes. 

/c Perform the operation on all volumes. 

/d Perform traditional defrag (this is the default). On a tiered 
volume though, traditional defrag is performed only on the 
Capacity tier. 

/e Perform the operation on all volumes except those specified. 

/9 Optimize the storage tiers on the specified volumes. 

/h Run the operation at normal priority (default is low). 

/å [n] Tier optimization would run for at most n seconds on each 
volume. 

/k Perform slab consolidation on the specified volumes. 

Å Perform retrim on the specified volumes. 

/m [n] Run the operation on each volume in parallel in the 
background. At most n threads optimize the storage tiers in 
parallel. 


/o Perform the proper optimization for each media type. 


PARAMETER DESCRIPTION 


/t Track an operation already in progress on the specified 
volume. 

/u Print the progress of the operation on the screen. 
N Print verbose output containing the fragmentation statistics. 
/x Perform free space consolidation on the specified volumes. 
/? Displays this help information. 

Remarks 

e You can't defragment specific file system volumes or drives, including: 


o Volumes locked by the file system. 


o Volumes the file system marked as dirty, indicating possible corruption. 
You must run chkdsk before you can defragment this volume or drive. You can determine if a volume 


is dirty by using the fsutil dirty command. 
o Network drives. 
o CD-ROMs. 
o File system volumes that aren't NTFS, ReFS, Fat or Fat32. 


To perform this procedure, you must be a member of the Administrators group on the local computer, or 
you must have been delegated the appropriate authority. If the computer is joined to a domain, members of 
the Domain Admins group might be able to perform this procedure. As a security best practice, consider 
using Run As to perform this procedure. 


A volume must have at least 15% free space for defrag to completely and adequately defragment it. defrag 
uses this space as a sorting area for file fragments. If a volume has less than 15% free space, defrag will 
only partially defragment it. To increase the free space on a volume, delete unneeded files or move them to 


another disk. 


While defrag is analyzing and defragmenting a volume, it displays a blinking cursor. When defrag is 
finished analyzing and defragmenting the volume, it displays the analysis report, the defragmentation 


report, or both reports, and then exits to the command prompt. 


By default, defrag displays a summary of both the analysis and defragmentation reports if you do not 
specify the /a or /v parameters. 


You can send the reports to a text file by typing > FileName.txt where FileName.txt is a file name you specify. 


For example: defrag volume /v > FileName.txt 
To interrupt the defragmentation process, at the command line, press CTRL+C. 


Running the defrag command and Disk defragmenter are mutually exclusive. If you are using Disk 
defragmenter to defragment a volume and you run the defrag command at a command-line, the defrag 
command fails. Conversely, if you run the defrag command and open Disk defragmenter, the 
defragmentation options in Disk defragmenter are unavailable. 


Examples 


To defragment the volume on drive C while providing progress and verbose output, type: 


defrag c: /u /v 


To defragment the volumes on drives C and D in parallel in the background, type: 


defrag c: d: /m 


To perform a fragmentation analysis of a volume mounted on drive C and provide progress, type: 


defrag c: mountpoint /a /u 


To defragment all volumes with normal priority and provide verbose output, type: 


defrag /c /h /v 


Scheduled task 


The defragmentation process runs scheduled task as a maintenance task, which typically runs every week. As an 
Administrator, you can change the how often the task runs by using the Optimize Drives app. 


e When run from the scheduled task, defrag uses the below policy guidelines for SSDs: 


© Traditional optimization processes. Includes traditional defragmentation, for example moving 
files to make them reasonably contiguous and retrim. This is done once per month. However, if both 
traditional defragmentation and retrim are skipped, then analysis isn't run. Changing the 
frequency of the scheduled task does not affect the once per month cadence for the SSDs. 


o If you manually run traditional defragmentation on a SSD, between your normally scheduled 
runs, the next scheduled task run performs analysis and retrim, but skips traditional 
defragmentation on that SSD. 


o If you skip analysis, you won't see an updated Last run time in the Optimize Drives app. Because 
of that, the Last run time can be up to a month old. 


o You might find that scheduled task hasn't defragmented all volumes. This is typically because: 
o The process won't wake the computer to run. 


o The computer isn't plugged in. The process won't run if the computer is running on battery 
power. 


o The computer started back up (resumed from idle). 


Additional References 


e Command-Line Syntax Key 


chkdsk 


fsutil 


e fsutil dirty 


Optimize-Volume Powershell 


oa 
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Deletes one or more files. This command performs the same actions as the erase command. 


The del command can also run from the Windows Recovery Console, using different parameters. For more 


information, see Windows Recovery Environment (WinRE). 





WARNING 





If you use del to delete a file from your disk, you cant retrieve it. 





Syntax 


del [/p] [/f] [/s] [/q] [/a[:]<attributes>] <names> 
erase [/p] [/f] [/s] [/q] [/a[:]<attributes>] <names> 


Parameters 


PARAMETER 


<names> 


/p 


/f 


/s 


/q 


/a[:] <attributes> 


R 


Remarks 


DESCRIPTION 


Specifies a list of one or more files or directories. Wildcards 
may be used to delete multiple files. If a directory is specified, 
all files within the directory will be deleted. 


Prompts for confirmation before deleting the specified file. 


Forces deletion of read-only files. 


Deletes specified files from the current directory and all 
subdirectories. Displays the names of the files as they are 
being deleted. 


Specifies quiet mode. You are not prompted for delete 
confirmation. 


Deletes files based on the following file attributes: 
e r Read-only files 

h Hidden files 

e i Not content indexed files 

s System files 


a Files ready for archiving 
e | Reparse points 
e - Used as a prefix meaning 'not' 


Displays help at the command prompt. 


e Ifyou use the del /p command, you'll see the following message: 


FileName, Delete (Y/N)? 


To confirm the deletion, press Y. To cancel the deletion and to display the next file name (if you specified a 
group of files), press N. To stop the del command, press CTRL+C. 


e If you disable command extension, the /s parameter will display the names of any files that weren't found 
instead of displaying the names of files that are being deleted. 


e If you specify specific folders in the <names> parameter, all of the included files will also be deleted. For 
example, if you want to delete all of the files in the |work folder, type: 


del \work 


e You can use wildcards (* and ?) to delete more than one file at a time. However, to avoid deleting files 
unintentionally, you should use wildcards cautiously. For example, if you type the following command: 


delta 


The del command displays the following prompt: 
Are you sure (Y/N)? 
To delete all of the files in the current directory, press Y and then press ENTER. To cancel the deletion, press 


N and then press ENTER. 


NOTE 


Before you use wildcard characters with the del command, use the same wildcard characters with the dir command 
to list all the files that will be deleted. 





Examples 


To delete all the files in a folder named Test on drive C, type either of the following: 


del c:\test 
del c:\test\*.* 


To delete all files with the .bat file name extension from the current directory, type: 
del *.bat 

To delete all read-only files in the current directory, type: 
dell arin ts 

Additional References 


e Command-Line Syntax Key 


e Windows Recovery Environment (WinRE) 


delete 
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Deletes a partition or a volume. It also deletes a dynamic disk from the list of disks. 


Syntax 





delete disk 
delete partition 
delete shadows 
delete volume 











Parameters 


PARAMETER 





Delete disk 


DESCRIPTION 





Deletes a missing dynamic disk from the list of disks. 





Delete partition 





Delete shadows 


Deletes a partition. 


Deletes shadow copies. 





Delete volume 


Additional References 


e Command-Line Syntax Key 


Deletes a volume. 


delete disk 
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Deletes a missing dynamic disk from the list of disks. 





NOTE 


For detailed instructions about how to use this command, see Remove a Missing Dynamic Disk. 





Syntax 


delete disk [noerr] [override] 


Parameters 
PARAMETER DESCRIPTION 
noerr For scripting only. When an error is encountered, DiskPart 
continues to process commands as if the error did not occur. 
Without this parameter, an error causes DiskPart to exit with 
an error code. 
override Enables DiskPart to delete all simple volumes on the disk. If 
the disk contains half of a mirrored volume, the half of the 
mirror on the disk is deleted. The delete disk override 
command fails if the disk is a member of a RAID-5 volume. 
Examples 


To delete a missing dynamic disk from the list of disks, type: 


delete disk 


Additional References 
e Command-Line Syntax Key 


e delete command 


delete partition 
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Deletes the partition with focus. Before you begin, you must select a partition for this operation to succeed. Use the 
select partition command to select a partition and shift the focus to it. 





WARNING 


Deleting a partition on a dynamic disk can delete all dynamic volumes on the disk, destroying any data and leaving the disk 
in a corrupt state. 


You can't delete the system partition, boot partition, or any partition that contains the active paging file or crash dump 
information. 





Syntax 


delete partition [noerr] [override] 


Parameters 
PARAMETER DESCRIPTION 
noerr For scripting only. When an error is encountered, DiskPart 
continues to process commands as if the error did not occur. 
Without this parameter, an error causes DiskPart to exit with 
an error code. 
override Enables DiskPart to delete any partition regardless of type. 
Typically, DiskPart only permits you to delete known data 
partitions. 
Remarks 


e To delete a dynamic volume, always use the delete volume command instead. 


e Partitions can be deleted from dynamic disks, but they shouldn't be created. For example, it's possible to 
delete an unrecognized GUID Partition Table (GPT) partition on a dynamic GPT disk. Deleting such a 
partition doesn't cause the resulting free space to become available. Instead, This command is intended to 
allow you to reclaim space on a corrupted offline dynamic disk in an emergency situation where the clean 
command in DiskPart can't be used. 


Examples 


To delete the partition with focus, type: 


delete partition 


Additional References 


e Command-Line Syntax Key 


select partition 
delete command 
delete volume command 


clean command 


delete shadows 
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Deletes shadow copies. 


Syntax 


delete shadows [all | volume <volume> | oldest <volume> | set <setID> | id <shadowID> | exposed {<drive> 


<mountpoint>)] 
Parameters 

PARAMETER DESCRIPTION 

all Deletes all shadow copies. 

volume <volume> Deletes all shadow copies of the given volume. 

oldest <volume> Deletes the oldest shadow copy of the given volume. 

set <setID> Deletes the shadow copies in the Shadow Copy Set of the 
given ID. You can specify an alias by using the % symbol if the 
alias exists in the current environment. 

id <shadowID> Deletes a shadow copy of the given ID. You can specify an 
alias by using the % symbol if the alias exists in the current 
environment. 

exposed {` } 


Additional References 


e Command-Line Syntax Key 


e delete command 


delete volume 
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Deletes the selected volume. Before you begin, you must select a volume for this operation to succeed. Use the 
select volume command to select a volume and shift the focus to it. 


IMPORTANT 


You can't delete the system volume, boot volume, or any volume that contains the active paging file or crash dump 


(memory dump). 





Syntax 


delete volume [noerr] 


Parameters 
PARAMETER DESCRIPTION 
noerr For scripting only. When an error is encountered, DiskPart 
continues to process commands as if the error did not occur. 
Without this parameter, an error causes DiskPart to exit with 
an error code. 
Examples 


To delete the volume with focus, type: 


delete volume 


Additional References 


e Command-Line Syntax Key 
e select volume 


e delete command 


detach vdisk 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Stops the selected virtual hard disk (VHD) from appearing as a local hard disk drive on the host computer. When a 
VHD is detached, you can copy it to other locations. Before you begin, you must select a VHD for this operation to 
succeed. Use the select vdisk command to select a VHD and shift the focus to it. 


Syntax 


detach vdisk [noerr] 


Parameters 
PARAMETER DESCRIPTION 
noerr For scripting only. When an error is encountered, DiskPart 
continues to process commands as if the error did not occur. 
Without this parameter, an error causes DiskPart to exit with 
an error code. 
Examples 


To detach the selected VHD, type: 


detach vdisk 


Additional References 


e Command-Line Syntax Key 
e attach vdisk command 

e compact vdisk command 

e detail vdisk command 

e expand vdisk command 

e Merge vdisk command 

e select vdisk command 


e list command 


detail 
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Displays information about the selected disk, partition, volume, or virtual hard disk (VHD). 


Syntax 


detail disk 
detail partition 
detail volume 
detail vdisk 


Parameters 
PARAMETER 


Detail disk 


Detail partition 
Detail volume 


Detail vdisk 


Additional References 


e Command-Line Syntax Key 


DESCRIPTION 


Displays the properties of the selected disk and the volumes 
on that disk. 


Displays the properties of the selected partition. 


Displays the disks on which the current volume resides. 


Displays the properties of the selected VHD. 


detail disk 
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Displays the properties of the selected disk and the volumes on that disk. Before you begin, you must select a disk 
for this operation to succeed. Use the select disk command to select a disk and shift the focus to it. If you select a 
virtual hard disk (VHD), this command will show the disk's bus type as Virtual. 


Syntax 


detail disk 


Examples 


To see the properties of the selected disk, and information about the volumes in the disk, type: 


detail disk 


Additional References 
e Command-Line Syntax Key 


e detail command 


detail partition 
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Displays the properties of the selected partition. Before you begin, you must select a partition for this operation to 
succeed. Use the select partition command to select a partition and shift the focus to it. 


Syntax 


detail partition 


Examples 


To see the properties of the selected partition, type: 








detail partition | 





Additional References 
e Command-Line Syntax Key 


e detail command 


detail vdisk 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Displays the properties of the selected virtual hard disk (VHD). Before you begin, you must select a VHD for this 
operation to succeed. Use the select vdisk command to select a VHD and shift the focus to it. 


Syntax 


detail vdisk 


Examples 


To see details about the selected VHD, type: 


detail vdisk 


Additional References 


e Command-Line Syntax Key 
e detail command 

e attach vdisk command 

e compact vdisk command 

e detach vdisk command 

e expand vdisk command 

@ merge vdisk command 

e select vdisk 


e list command 


detail volume 
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Displays the disks on which the current volume resides. Before you begin, you must select a volume for this 
operation to succeed. Use the select volume command to select a volume and shift the focus to it. The volume 
details aren't applicable to read-only volumes, such as a DVD-ROM or CD-ROM drive. 


Syntax 


detail volume 


Examples 


To see all the disks in which the current volume resides, type: 


detail volume 


Additional References 
e Command-Line Syntax Key 
e select volume 


e detail command 


dfsdiag 
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Provides diagnostic information for DFS Namespaces. 


Syntax 


dfsdiag /testdcs [/domain:<domain name>] 

dfsdiag /testsites </machine:<server name>| /DFSPath:<namespace root or DFS folder> [/recurse]> [/full] 
dfsdiag /testdfsconfig /DFSRoot:<namespace> 

dfsdiag /testdfsintegrity /DFSRoot:<DFS root path> [/recurse] [/full] 

dfsdiag /testreferral /DFSpath:<DFS path to get referrals> [/full] 


Parameters 
PARAMETER DESCRIPTION 
dfsdiag testdcs Checks domain controller configuration. 
dfsdiag testsites Checks site associations. 
dfsdiag testdfsconfig Checks DFS Namespace configuration. 
dfsdiag testdfsintegrity Checks DFS Namespace integrity. 
dfsdiag testreferral Checks referral responses. 
R Displays help at the command prompt. 


Additional References 


e Command-Line Syntax Key 


dfsdiag testdcs 


11/2/2020 * 2 minutes to read * Edit Online 





Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Checks the configuration of domain controllers by performing the following tests on each domain controller in the 
specified domain: 


e Verifies that the Distributed File System (DFS) Namespace service is running and that its startup type is set 
to Automatic. 


e Checks for the support of site-costed referrals for NETLOGON and SYSvol. 


e Verifies the consistency of the site association by hostname and IP address. 


Syntax 


dfsdiag /testdcs [/domain:<domain_name>] 


Parameters 
PARAMETER DESCRIPTION 
/domain: <domain_name> Name of the domain to check. This parameter is optional. The 
default value is the local domain to which the local host is 
joined. 
Examples 


To verify the configuration of domain controllers in the contoso.com domain, type: 


dfsdiag /testdcs /domain:contoso.com 


Additional References 
e Command-Line Syntax Key 


e dfsdiag command 


dfsdiag testdfsconfig 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Checks the configuration of a Distributed File System (DFS) namespace by performing the following actions: 


e Verifies that the DFS Namespace service is running and that its startup type is set to Automatic on all 
namespace servers. 


e Verifies that the DFS registry configuration is consistent among namespace servers. 
e Validates the following dependencies on clustered namespace servers: 

o Namespace root resource dependency on network name resource. 

o Network name resource dependency on IP address resource. 


o Namespace root resource dependency on physical disk resource. 


Syntax 


dfsdiag /testdfsconfig /DFSroot:<namespace> 


Parameters 

PARAMETER DESCRIPTION 

/DFSroot: <namespace> The namespace (DFS root) to diagnose. 
Examples 


To verify the configuration of Distributed File System (DFS) namespaces in contoso.com\MyNamespace, type: 


dfsdiag /testdfsconfig /DFSroot:\contoso.com\MyNamespace 


Additional References 


e Command-Line Syntax Key 


e dfsdiag command 


dfsdiag testdfsintegrity 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 

Checks the integrity of the Distributed File System (DFS) namespace by performing the following tests: 

e Checks for DFS metadata corruption or inconsistencies between domain controllers. 


e Validates the configuration of access-based enumeration to ensure that it is consistent between DFS 
metadata and the namespace server share. 


e Detects overlapping DFS folders (links), duplicate folders, and folders with overlapping folder targets. 


Syntax 


dfsdiag /testdfsintegrity /DFSroot: <DFS root path> [/recurse] [/full] 


Parameters 
PARAMETER DESCRIPTION 
/DFSroot: <DFS root path> The DFS namespace to diagnose. 
/recurse Performs the testing, including any namespace interlinks. 
/full Verifies the consistency of the share and NTFS ACLs, along 
with the client side configuration on all folder targets. It also 
verifies that the online property is set. 
Examples 


To verify the integrity and consistency of the Distributed File System (DFS) namespaces in 
contoso.com\MyNamespace, including any interlinks, type: 


dfsdiag /testdfsintegrity /DFSRoot:\contoso.com\MyNamespace /recurse /full 
Additional References 


e Command-Line Syntax Key 


e dfsdiag command 


dfsdiag testreferral 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Checks Distributed File System (DFS) referrals by performing the following tests: 


e Ifyou use the DFSpath* parameter without arguments, the command validates that the referral list 
includes all trusted domains. 


e If you specify a domain, the command performs a health check of domain controllers ( dfsdiag /testdcs ) 
and tests the site associations and domain cache of the local host. 


e If you specify a domain and \SYSvol or \NETLOGON, the command performs the same domain controller 
health checks, along with checking that the time To Live (TTL) of SYSvol or NETLOGON referrals matches 
the default value of 900 seconds. 


e If you specify a namespace root, the command performs the same domain controller health checks, along 
with performing a DFS configuration check ( dfsdiag /testdfsconfig ) and a namespace integrity check ( 
dfsdiag /testdfsintegrity ). 


e If you specify a DFS folder (link), the command performs the same namespace root health checks, along 
with validating the site configuration for folder targets (dfsdiag /testsites) and validating the site association 
of the local host. 


Syntax 


dfsdiag /testreferral /DFSpath:<DFS path to get referrals> [/full] 


Parameters 
PARAMETER DESCRIPTION 
/DFSpath: <path to get referrals> Can be one of the following: 
e Blank: Tests only trusted domains. 
© \\Domain: Tests only domain controller referrals. 
© \\Domain\SYSvol: Tests only SYSvol referrals. 
© \\Domain\NETLOGON: Tests only NETLOGON referrals. 
© \\<domain or server>\<namespace root>: Tests 
only namespace root referrals. 
\\<domain or server>\<namespace root>\<DFS 
@ folder>: 
Tests only the DFS folder (link) referrals. 
/full Applies only to Domain and Root referrals. Verifies the 


consistency of site association information between the 
registry and active directory Domain Services (AD DS). 


Examples 


To check the Distributed File System (DFS) referrals in contoso.com|MyNamespace type: 
dfsdiag /testreferral /DFSpath:\\contoso.com\MyNamespace 
To check the Distributed File System (DFS) referrals in all trusted domains, type: 


dfsdiag /testreferral /DFSpath: 


Additional References 
e Command-Line Syntax Key 


e dfsdiag command 


dfsdiag testsites 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Checks the configuration of active directory Domain Services (AD DS) sites by verifying that servers that act as 
namespace servers or folder (link) targets have the same site associations on all domain controllers. 


Syntax 


dfsdiag /testsites </machine:<server name>| /DFSpath:<namespace root or DFS folder> [/recurse]> [/full] 


Parameters 
PARAMETER DESCRIPTION 
/machine:<server name> The name of the server on which to verify the site association. 
/DFSpath:<namespace root or DFS folder> The namespace root or Distributed File System (DFS) folder 
(link) with targets for which to verify the site association. 
/recurse Enumerates and verifies the site associations for all folder 
targets under the specified namespace root. 
/full Verifies that AD DS and the registry of the server contain the 
same site association information. 
Examples 


To check the site associations on machine\MyServer, type: 
dfsdiag /testsites /machine:MyServer 


To check a Distributed File System (DFS) folder to verify the site association, along with verifying that AD DS and 
the registry of the server contain the same site association information, type: 


dfsdiag /TestSites /DFSpath:\\contoso.com\namespace1\folder1 /full 


To check a namespace root to verify the site association, along with enumerating and verifying the site associations 
for all folder targets under the specified namespace root, and verifying that AD DS and the registry of the server 
contain the same site association information, type: 


dfsdiag /testsites /DFSpath:\\contoso.com\namespace2 /recurse /full 


Additional References 


e Command-Line Syntax Key 


e dfsdiag command 


dfsrmig 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


The migration tool for the DFS Replication service, dfsrmig.exe, is installed with the DFS Replication service. This 
tool migrates SYSvol replication from File Replication Service (FRS) to Distributed File System (DFS) Replication. It 
also provides information about the progress of the migration and modifies Active Directory Domain Services (AD 
DS) objects to support the migration. 


Syntax 


dfsrmig [/setglobalstate <state> | /getglobalstate | /getmigrationstate | /createglobalobjects | 
/deleterontfrsmember [<read only domain controller name>] | /deleterodfsrmember 
[<read only domain controller name>] | /?] 


Parameters 
PARAMETER DESCRIPTION 
/setglobalstate <state> Sets the domain's global migration state to one that 

corresponds to the value specified by state. You can only set 
the global migration state to a stable state. The state values 
include: 
e 0 - Start state 
e 1 - Prepared state 
e 2 - Redirected state 
e 3 - Eliminated state 

/getglobalstate Retrieves the current global migration state for the domain 
from the local copy of the AD DS database, when run on the 
PDC emulator. Use this option to confirm that you set the 
correct global migration state. 
Important: You should only run this command on the 
PDC emulator. 

/getmigrationstate Retrieves the current local migration state for all domain 


controllers in the domain and determines whether those local 
states match the current global migration state. Use this 
option to determine if all domain controllers have reached the 
global migration state. 


PARAMETER 


/createglobalobjects 


/deleterontfrsmember 
[<read only domain controller name>] 


/deleterodfsrmember 
[<read only domain controller name>] 


L 


Remarks 


DESCRIPTION 


Creates the global objects and settings in AD DS used by DFS 
Replication uses. The only situations where you should use this 
option to manually create objects and settings, are: 

e A new read-only domain controller is promoted 
during migration. If a new read-only domain 
controller is promoted in the domain after moving into 
the Prepared state, but before migration to the 
Eliminated state, then the objects that correspond to 
the new domain controller aren't created, causing 
replication and the migration to fail. 

© Global settings for the DFS Replication service 
are missing or were deleted. If these settings are 
missing for a domain controller, migration from the 
Start state to the Prepared state will stall at the 
Preparing transition state. Note: Because the global 
AD DS settings for the DFS Replication service for a 
read-only domain controller are created on the PDC 
emulator, these settings need to replicate to the read- 
only domain controller from the PDC emulator before 
the DFS Replication service on the read-only domain 
controller can use these settings. Because of Active 
Directory replication latencies, this replication can take 
some time to occur. 


Deletes the global AD DS settings for FRS replication that 
correspond to the specified read-only domain controller, or 
deletes the global AD DS settings for FRS replication for all 
read-only domain controllers if no value is specified for 


<read_only_domain_controller_name> . 


You shouldn't need to use this option during a normal 
migration process, because the DFS Replication service 
automatically deletes these AD DS settings during the 
migration from the Redirected state to the Eliminated 
state. Use this option to manually delete the AD DS 
settings only when the automatic deletion fails on a read- 
only domain controller and stalls the read-only domain 
controller for a long ime during the migration from the 
Redirected state to the Eliminated state. 


Deletes the global AD DS settings for DFS Replication that 
correspond to the specified read-only domain controller, or 
deletes the global AD DS settings for DFS Replication for all 
read-only domain controllers if no value is specified for 


<read_only_domain_controller_name> . 


Use this option to manually delete the AD DS settings 
only when the automatic deletion fails on a read-only 
domain controller and stalls the read-only domain 
controller for a long time when rolling back the migration 
from the Prepared state to the start state. 


Displays help at the command prompt. 


e Usethe /setglobalstate <state> command to set the global migration state in AD DS on the PDC emulator 


to initiate and control the migration process. If the PDC emulator isn't available, this command fails. 


e Migration to the Eliminated state is irreversible and rollback isn't possible, so use a value of 3 for state only 


when you are fully committed to using DFS Replication for SYSvol replication. 
e Global migration states must be a stable migration state. 


e Active Directory replication replicates the global state to other domain controllers in the domain, but 
because of replication latencies, you can get inconsistencies if you run dfsrmig /getglobalstate ona 


domain controller other than the PDC emulator. 


e The output of dsfrmig /getmigrationstate indicates whether migration to the current global state is 
complete, listing the local migration state for any domain controllers that haven't yet reached the current 
global migration state. The local migration state for domain controllers can also include transition states for 


domain controllers that have not reached the current global migration state. 


e Read-only domain controllers can't delete settings from AD DS, the PDC emulator performs this operation, 
and the changes eventually replicate to the read-only domain controllers after the applicable latencies for 


active directory replication. 


e Thedfsrmig command is supported only on domain controllers that run at the Windows Server domain 
functional level, because SYSvol migration from FRS to DFS Replication is only possible on domain 
controllers that operate at that level. 


e You can run the dfsrmig command on any domain controller, but operations that create or manipulate AD 
DS objects are only allowed on read-write capable domain controllers (not on read-only domain 


controllers). 


Examples 


To set the global migration state to Prepared (1) and to initiate migration or to rollback from the Prepared state, 


type: 
dfsrmig /setglobalstate 1 

To set the global migration state to Start (0) and to initiate rollback to the Start state, type: 
dfsrmig /setglobalstate @ 

To display the global migration state, type: 
dfsrmig /getglobalstate 

Output from the dfsrmig /getglobalstate command: 


Current DFSR global state: Prepared 
Succeeded. 


To display information about whether the local migration states on all the domain controllers match the global 
migration state and if there are any local migration states where the local state doesn't match the global state, type: 


dfsrmig /GetMigrationState 


Output from the dfsrmig /getmigrationstate command when the local migration states on all of the domain 


controllers match the global migration state: 


All Domain Controllers have migrated successfully to Global state (Prepared). 
Migration has reached a consistent state on all Domain Controllers. 
Succeeded. 


Output from the dfsrmig /getmigrationstate command when the local migration states on some domain 


controllers don't match the global migration state. 


The following Domain Controllers are not in sync with Global state (Prepared): 
Domain Controller (Local Migration State) DC type 


CONTOSO-DC2 (start) ReadOnly DC 

CONTOSO-DC3 (Preparing) Writable DC 

Migration has not yet reached a consistent state on all domain controllers 
State information might be stale due to AD latency. 


To create the global objects and settings that DFS Replication uses in AD DS on domain controllers where those 
settings were not created automatically during migration or where those settings are missing, type: 


dfsrmig /createglobalobjects 


To delete the global AD DS settings for FRS replication for a read-only domain controller named contoso-dc2 if 
those settings were not deleted automatically deleted by the migration process, type: 


dfsrmig /deleterontfrsmember contoso-dc2 


To delete the global AD DS settings for FRS replication for all read-only domain controllers if those settings were 
not deleted automatically by the migration process, type: 


dfsrmig /deleterontfrsmember 


To delete the global AD DS settings for DFS Replication for a read-only domain controller named contoso-dc2 if 
those settings were not deleted automatically by the migration process, type: 


dfsrmig /deleterodfsrmember contoso-dc2 


To delete the global AD DS settings for DFS Replication for all read-only domain controllers if those settings were 
not deleted automatically by the migration process, type: 


dfsrmig /deleterodfsrmember 
To display help at the command prompt: 


dfsrmig 


dfsrmig /? 


Additional References 


e Command-Line Syntax Key 


e SYSvol Migration Series: Part 2 dfsrmig.exe: The SYSvol Migration Tool 


e Active Directory Domain Services 


diantz 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Package existing files into a cabinet (.cab) file. This command performs the same actions as the updated makecab 
command. 


Syntax 


diantz [/v[n]] [/d var=<value> ...] [/1 <dir>] <source> [<destination>] 
diantz [/v[<n>]] [/d var=<value> ...] /f <directives file> [...] 
Parameters 
PARAMETER DESCRIPTION 
<source> File to compress. 
<destination> File name to give compressed file. If omitted, the last character 


of the source file name is replaced with an underscore (_) and 
used as the destination. 


/f <directives file> A file with diantz directives (may be repeated). 

/d var= <value> Defines variable with specified value. 

/\ <dir> Location to place destination (default is current directory). 
N[ <n> ] Set debugging verbosity level (0=none....,3=full). 

P Displays help at the command prompt. 


Additional References 


e Command-Line Syntax Key 


e Microsoft Cabinet format 


olla 


11/2/2020 * 7 minutes to read * Edit Online 





Displays a list of a directory's files and subdirectories. If used without parameters, this command displays the disk's 
volume label and serial number, followed by a list of directories and files on the disk (including their names and the 
date and time each was last modified). For files, this command displays the name extension and the size in bytes. 
This command also displays the total number of files and directories listed, their cumulative size, and the free space 
(in bytes) remaining on the disk. 


The dir command can also run from the Windows Recovery Console, using different parameters. For more 
information, see Windows Recovery Environment (WinRE). 


Syntax 


dir [<drive>:][<path>][<filename>] [...] [/p] [/q] [/w] [/d] [/a[[:]<attributes>]][/o[[:]<sortorder>]] [/t[[:] 
<timefield>]] [/s] [/b] [/1] [/n] [/x] [/c] [/4] [/r] 


Parameters 
PARAMETER DESCRIPTION 
[<drive>:][<path>] Specifies the drive and directory for which you want to see a 
listing. 
[<filename>] Specifies a particular file or group of files for which you want 
to see a listing. 
/p Displays one screen of the listing at a time. To see the next 
screen, press any key. 
/q Displays file ownership information. 
/w Displays the listing in wide format, with as many as five file 
names or directory names on each line. 
/d Displays the listing in the same format as /w, but the files are 


sorted by column. 


PARAMETER 


/a[[] <attributes> ] 


/o[[] <sortorder> ] 


/t[[:] <timefield> ] 


/S 


/b 


Å 


/n 


DESCRIPTION 


Displays only the names of those directories and files with 
your specified attributes. If you don't use this parameter, the 
command displays the names of all files except hidden and 
system files. If you use this parameter without specifying any 
attributes, the command displays the names of all files, 
including hidden and system files. The list of possible 
attributes values are: 

e d - Directories 

e h - Hidden files 

e s - System files 

e |- Reparse points 

e r - Read-only files 

e a - Files ready for archiving 

e i - Not content indexed files 


You can use any combination of these values, but don't 
separate your values using spaces. Optionally you can use a 
colon (:) separator, or you can use a hyphen (-) as a prefix to 
mean, "not". For example, using the -s attribute won't show 
the system files. 


Sorts the output according to sortorder, which can be any 
combination of the following values: 

e n - Alphabetically by name 

e e- Alphabetically by extension 

e g - Group directories first 

e s - By size, smallest first 

e d - By date/time, oldest first 

e Usethe - prefix to reverse the sort order 


Multiple values are processed in the order in which you list 
them. Don't separate multiple values with spaces, but you can 
optionally use a colon (:). 

If sortorder isn't specified, dir /o lists the directories 
alphabetically, followed by the files, which are also sorted 
alphabetically. 


Specifies which time field to display or to use for sorting. The 
available timefield values are: 

e c- Creation 

e a- Last accessed 

e w - Last written 


Lists every occurrence of the specified file name within the 
specified directory and all subdirectories. 


Displays a bare list of directories and files, with no additional 
information. The /b parameter overrides /w. 


Displays unsorted directory names and file names, using 
lowercase. 


Displays a long list format with file names on the far right of 
the screen. 


PARAMETER DESCRIPTION 


/X Displays the short names generated for non-8dot3 file names. 
The display is the same as the display for /n, but the short 
name is inserted before the long name. 


/c Displays the thousand separator in file sizes. This is the default 
behavior. Use /c to hide separators. 


/4 Displays years in four-digit format. 

fr Display alternate data streams of the file. 

R Displays help at the command prompt. 
Remarks 


e To use multiple filename parameters, separate each file name with a space, comma, or semicolon. 


e You can use wildcard characters (* or ?), to represent one or more characters of a file name and to display a 
subset of files or subdirectories. 


e You can use the wildcard character, *, to substitute for any string of characters, for example: 


o dir *.txt lists all files in the current directory with extensions that begin with .txt, such as txt, txt1, 
txt old. 


o dir read *.txt lists all files in the current directory that begin with read and with extensions that 
begin with .txt, such as txt, .txt1, or .txt old. 


o dir read *.* lists all files in the current directory that begin with read with any extension. 


The asterisk wildcard always uses short file name mapping, so you might get unexpected results. For 
example, the following directory contains two files (t.txt2 and t97.txt): 


C:\test>dir /x 
Volume in drive C has no label. 
Volume Serial Number is B86A-EF32 


Directory of C:\test 


11/30/2004 01:40 PM <DIR> 

11/30/2004 01:40 PM <DIR> .. 

11/30/2004 11:05 AM @ T97B4~1.TXT t.txt2 
11/30/2004 01:16 PM ð t97.txt 


You might expect that typing dir t97\* would return the file t97.txt. However, typing dir t97\* returns 
both files, because the asterisk wildcard matches the file t.txt2 to t97 txt by using its short name map 
797B4~1.TXT. Similarly, typing del t97\* would delete both files. 


e You can use the question mark (?) as a substitute for a single character in a name. For example, typing 
dir read???.txt lists any files in the current directory with the txt extension that begin with read and are 
followed by up to three characters. This includes Read.txt, Read txt, Read12.txt, Read123 txt, and 
Readmet txt, but not Readme12.txt. 


e If you use /a with more than one value in attributes, this command displays the names of only those files 
with all the specified attributes. For example, if you use /a with r and -h as attributes (by using either 
/a:r-h or /ar-h ), this command will only display the names of the read-only files that aren't hidden. 


e If you specify more than one sortorder value, this command sorts the file names by the first criterion, then 
by the second criterion, and so on. For example, if you use /o with the e and -s parameters for sortorder (by 
using either /o:e-s or /oe-s ), this command sorts the names of directories and files by extension, with the 
largest first, and then displays the final result. The alphabetic sorting by extension causes file names with no 


extensions to appear first, then directory names, and then file names with extensions. 


e If you use the redirection symbol ( > ) to send this command's output to a file, or if you use a pipe ( | ) to 
send this command's output to another command, you must use /a:-d and/b to only list the file names. 
You can use filename with /b and /s to specify that this command is to search the current directory and its 
subdirectories for all file names that match filename. This command lists only the drive letter, directory 
name, file name, and file name extension (one path per line), for each file name it finds. Before you use a 
pipe to send this command's output to another command, you should set the TEMP environment variable in 
your Autoexec.nt file. 


Examples 


To display all directories one after the other, in alphabetical order, in wide format, and pausing after each screen, 
make sure that the root directory is the current directory, and then type: 


dir /s/w/o/p 


The output lists the root directory, the subdirectories, and the files in the root directory, including extensions. This 
command also lists the subdirectory names and the file names in each subdirectory in the tree. 


To alter the preceding example so that dir displays the file names and extensions, but omits the directory names, 


type: 
dir /s/w/o/p/a:-d 

To print a directory listing, type: 
dir > prn 


When you specify prn, the directory list is sent to the printer that is attached to the LPT1 port. If your printer is 
attached to a different port, you must replace prn with the name of the correct port. 


You can also redirect output of the dir command to a file by replacing prn with a file name. You can also type a 
path. For example, to direct dir output to the file dir.doc in the Records directory, type: 


dir > \records\dir.doc 


If dirdoc does not exist, dir creates it, unless the Records directory does not exist. In that case, the following 
message appears: 


File creation error 
To display a list of all the file names with the .txt extension in all directories on drive C, type: 
dir c:\*.txt /w/o/s/p 


The dir command displays, in wide format, an alphabetized list of the matching file names in each directory, and it 


pauses each time the screen fills until you press any key to continue. 


Additional References 


e Command-Line Syntax Key 


diskcomp 
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Compares the contents of two floppy disks. If used without parameters, diskcomp uses the current drive to 
compare both disks. 


Syntax 


diskcomp [<drive1>: [<drive2>:]] 


Parameters 
PARAMETER DESCRIPTION 
«drive1> Specifies the drive containing one of the floppy disks. 
?? Displays help at the command prompt. 
Remarks 


e The diskcomp command works only with floppy disks. You cannot use diskcomp with a hard disk. If you 
specify a hard disk drive for drive7 or drive2, diskcomp displays the following error message: 


Invalid drive specification 
Specified drive does not exist 
or is nonremovable 


e Ifall tracks on the two disks being compared are the same (it ignores a disk's volume number), diskcomp 
displays the following message: 


Compare OK 


If the tracks aren't the same, diskcomp displays a message similar to the following: 


Compare error on 
side 1, track 2 


When diskcomp completes the comparison, it displays the following message: 


Compare another diskette (Y/N)? 
If you press Y, diskcomp prompts you to insert the disk for the next comparison. If you press N, diskcomp 
stops the comparison. 


e If you omit the drive? parameter, diskcomp uses the current drive for drive2. lf you omit both drive 
parameters, diskcomp uses the current drive for both. If the current drive is the same as drive?, diskcomp 
prompts you to swap disks as necessary. 


e If you specify the same floppy disk drive for drive7 and drive2, diskcomp compares them by using one 


drive and prompts you to insert the disks as necessary. You might have to swap the disks more than once, 
depending on the capacity of the disks and the amount of available memory. 


e Diskcomp can't compare a single-sided disk with a double-sided disk, nor a high-density disk with a 
double-density disk. If the disk in drive7 isn't of the same type as the disk in drive2, diskcomp displays the 


following message: 


Drive types or diskette types not compatible 


e Diskcomp doesn't work on a network drive or on a drive created by the subst command. If you attempt to 
use diskcomp with a drive of any of these types, diskcomp displays the following error message: 


Invalid drive specification 


e If you use diskcomp with a disk that you made by using copy, diskcomp might display a message similar 
to the following: 


Compare error on 
side @, track @ 


This type of error can occur even if the files on the disks are identical. Although copy duplicates information, 
it doesn't necessarily place it in the same location on the destination disk. 


e diskcomp exit codes: 


EXIT CODE DESCRIPTION 

0 Disks are the same 

1 Differences were found 

3 Hard error occurred 

4 Initialization error occurred 


To process exit codes that are returned by diskcomp, you can use the ERRORLEVEL environment variable 
on the if command line in a batch program. 


Examples 


If your computer has only one floppy disk drive (for example, drive A), and you want to compare two disks, type: 


diskcomp a: a: 


Diskcomp prompts you to insert each disk, as needed. 


To illustrates how to process a diskcomp exit code in a batch program that uses the FRRORLEVEL environment 


variable on the if command line: 


rem Checkout.bat compares the disks in drive A and B 
echo off 

diskcomp a: b: 

if errorlevel 4 goto ini_error 

if errorlevel 3 goto hard_error 

if errorlevel 1 goto no_compare 

if errorlevel @ goto compare_ok 

:ini error 

echo ERROR: Insufficient memory or command invalid 
goto exit 

:hard error 

echo ERROR: An irrecoverable error occurred 

goto exit 

:break 

echo You just pressed CTRL+C to stop the comparison 
goto exit 

:no compare 

echo Disks are not the same 

goto exit 

:compare ok 

echo The comparison was successful; the disks are the same 
goto exit 

:exit 


Additional References 


e Command-Line Syntax Key 


diskcopy 
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Copies the contents of the floppy disk in the source drive to a formatted or unformatted floppy disk in the 
destination drive. If used without parameters, diskcopy uses the current drive for the source disk and the 
destination disk. 


Syntax 


diskcopy [<drive1>: [<drive2>:]] [/v] 


Parameters 
PARAMETER DESCRIPTION 
<drive1> Specifies the drive that contains the source disk. 
N Verifies that the information is copied correctly. This option 
slows down the copying process. 
/ Displays help at the command prompt. 
Remarks 


e Diskcopy works only with removable disks such as floppy disks, which must be the same type. You cannot 
use diskcopy with a hard disk. If you specify a hard disk drive for drive7 or drive2, diskcopy displays the 
following error message: 


Invalid drive specification 
Specified drive does not exist or is nonremovable 


The diskcopy command prompts you to insert the source and destination disks and waits for you to press 
any key on the keyboard before continuing. 


After it copies the disk, diskcopy displays the following message: 


Copy another diskette (Y/N)? 
If you press Y, diskcopy prompts you to insert source and destination disks for the next copy operation. To 
stop the diskcopy process, press N. 


If you're copying to an unformatted floppy disk in drive2, diskcopy formats the disk with the same number 
of sides and sectors per track as are on the disk in drive7. Diskcopy displays the following message while it 
formats the disk and copies the files: 


Formatting while copying 


e If the source disk has a volume serial number, diskcopy creates a new volume serial number for the 
destination disk and displays the number when the copy operation is complete. 


e |f you omit the drive2 parameter, diskcopy uses the current drive as the destination drive. If you omit both 
drive parameters, diskcopy uses the current drive for both. If the current drive is the same as ariveT, 
diskcopy prompts you to swap disks as necessary. 


e Run diskcopy from a drive other than the floppy disk drive, for example the C drive. If floppy disk drive1 
and floppy disk drive2 are the same, diskcopy prompts you to switch disks. If the disks contain more 
information than the available memory can hold, diskcopy cannot read all of the information at once. 
Diskcopy reads from the source disk, writes to the destination disk, and prompts you to insert the source 
disk again. This process continues until you have copied the entire disk. 


e Fragmentation is the presence of small areas of unused disk space between existing files on a disk. A 
fragmented source disk can slow down the process of finding, reading, or writing files. 


Because diskcopy makes an exact copy of the source disk on the destination disk, any fragmentation on the 
source disk is transferred to the destination disk. To avoid transferring fragmentation from one disk to 
another, use the copy command or the xcopy command to copy your disk. Because copy and xcopy copy 


files sequentially, the new disk is not fragmented. 





NOTE 


You cannot use xcopy to copy a startup disk. 





e diskcopy exit codes: 


EXIT CODE DESCRIPTION 

0 Copy operation was successful 

1 Nonfatal Read/Write error occurred 
3 Fatal hard error occurred 

4 Initialization error occurred 


To process the exit codes that are returned by diskcomp, you can use the ERRORLEVEL environment 


variable on the if command line in a batch program. 


Examples 


To copy the disk in drive B to the disk in drive A, type: 
diskcopy b: a: 

To use floppy disk drive A to copy one floppy disk to another, first switch to the C drive and then type: 
diskcopy a: a: 

Additional References 


e Command-Line Syntax Key 


e xcopy command 


e copy command 


diskpart 
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Applies to: Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2019, Windows Server 2016, 
Windows Server 2012 R2, Windows Server 2012, and Windows Server 2008 R2, Windows Server 2008 


The diskpart command interpreter helps you manage your computer's drives (disks, partitions, volumes, or virtual 
hard disks). 


Before you can use diskpart commands, you must first list, and then select an object to give it focus. After an 
object has focus, any diskpart commands that you type will act on that object. 


List available objects 


You can list the available objects and determine an object's number or drive letter by using: 
@ list disk - Displays all the disks on the computer. 

@ list volume - Displays all the volumes on the computer. 

èe list partition - Displays the partitions on the disk that has focus on the computer. 

@ list vdisk - Displays all the virtual disks on the computer. 


After you run the list commands, an asterisk (*) appears next to the object with focus. 


Determine focus 


When you select an object, the focus remains on that object until you select a different object. For example, if the 
focus is set on disk 0 and you select volume 8 on disk 2, the focus shifts from disk 0 to disk 2, volume 8. 


Some commands automatically change the focus. For example, when you create a new partition, the focus 
automatically switches to the new partition. 


You can only give focus to a partition on the selected disk. After a partition has focus, the related volume (if any) 
also has focus. After a volume has focus, the related disk and partition also have focus if the volume maps to a 
single specific partition. If this isn't the case, focus on the disk and partition is lost. 


Syntax 


To start the diskpart command interpreter, at the command prompt type: 


diskpart <parameter> 





IMPORTANT 


You must be in your local Administrators group, or a group with similar permissions, to run diskpart. 





Parameters 


You can run the following commands from the Diskpart command interpreter: 


COMMAND 


active 


add 


assign 


attach vdisk 


attributes 


automount 


break 


clean 


compact vdisk 


convert 


create 


delete 


detach vdisk 


detail 


exit 


expand vdisk 


extend 


filesystems 


format 


gpt 


DESCRIPTION 


Marks the disk's partition with focus, as active. 


Mirrors the simple volume with focus to the specified disk. 


Assigns a drive letter or mount point to the volume with 
focus. 


Attaches (sometimes called mounts or surfaces) a virtual hard 
disk (VHD) so that it appears on the host computer as a local 
hard disk drive. 


Displays, sets, or clears the attributes of a disk or volume. 


Enables or disables the automount feature. 


Breaks the mirrored volume with focus into two simple 
volumes. 


Removes any and all partition or volume formatting from the 
disk with focus. 


Reduces the physical size of a dynamically expanding virtual 
hard disk (VHD) file. 


Converts file allocation table (FAT) and FAT32 volumes to the 
NTFS file system, leaving existing files and directories intact. 


Creates a partition on a disk, a volume on one or more disks, 
or a virtual hard disk (VHD). 


Deletes a partition or a volume. 


Stops the selected virtual hard disk (VHD) from appearing as a 
local hard disk drive on the host computer. 


Displays information about the selected disk, partition, 
volume, or virtual hard disk (VHD). 


Exits the diskpart command interpreter. 


Expands a virtual hard disk (VHD) to the size that you specify. 


Extends the volume or partition with focus, along with its file 
system, into free (unallocated) space on a disk. 


Displays information about the current file system of the 
volume with focus and lists the file systems that are 
supported for formatting the volume. 


Formats a disk to accept Windows files. 


Assigns the gpt attribute(s) to the partition with focus on 
basic GUID partition table (gpt) disks. 


COMMAND 


help 


import 


inactive 


list 


merge vdisk 


offline 
online 


recover 


rem 
remove 


repair 


rescan 


retain 


san 


select 


set id 


shrink 


uniqueid 


Additional References 


e Command-Line Syntax Key 


DESCRIPTION 


Displays a list of the available commands or detailed help 
information on a specified command. 


Imports a foreign disk group into the disk group of the local 
computer. 


Marks the system partition or boot partition with focus as 
inactive on basic master boot record (MBR) disks. 


Displays a list of disks, of partitions in a disk, of volumes in a 
disk, or of virtual hard disks (VHDs). 


Merges a differencing virtual hard disk (VHD) with its 
corresponding parent VHD. 


Takes an online disk or volume to the offline state. 


Takes an offline disk or volume to the online state. 


Refreshes the state of all disks in a disk group, attempt to 
recover disks in an invalid disk group, and resynchronizes 
mirrored volumes and RAID-5 volumes that have stale data. 


Provides a way to add comments to a script. 


Removes a drive letter or mount point from a volume. 


Repairs the RAID-5 volume with focus by replacing the failed 
disk region with the specified dynamic disk. 


Locates new disks that may have been added to the 
computer. 


Prepares an existing dynamic simple volume to be used as a 
boot or system volume. 


Displays or sets the storage area network (san) policy for the 
operating system. 


Shifts the focus to a disk, partition, volume, or virtual hard 
disk (VHD). 


Changes the partition type field for the partition with focus. 


Reduces the size of the selected volume by the amount you 
specify. 


Displays or sets the GUID partition table (GPT) identifier or 
master boot record (MBR) signature for the disk with focus. 


e Disk management overview 


e Storage Cmdlets in Windows PowerShell 


diskperf 
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The diskperf command remotely enables or disables physical or logical disk performance counters on computers 
running Windows. 


Syntax 


diskperf [-y[d|v] | -n[d]v]] [\\computername] 


Options 


OPTION DESCRIPTION 

-y Starts all disk performance counters when the computer 
restarts. 

-yd Enables disk performance counters for physical drives when 


the computer restarts. 


-yv Enables disk performance counters for logical drives or storage 
volumes when the computer restarts. 


-n Disables all disk performance counters when the computer 
restarts. 
-nd Disable disk performance counters for physical drives when 


the computer restarts. 


-nv Disable disk performance counters for logical drives or storage 
volumes when the computer restarts. 


\\<computername> Specifies the name of the computer where you want to enable 
or disable disk performance counters. 


-? Displays context sensitive help. 


Additional References 


e Command-Line Syntax Key 


Diskraid 
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Diskraid is a command-line tool that enables you to configure and manage redundant array of independent (or 
inexpensive) disks (RAID) storage subsystems. 


RAID is typically used on servers to standardize and categorize fault-tolerant disk systems. RAID levels provide 
various mixes of performance, reliability, and cost. Some servers provide three of the RAID levels: Level 0 (striping), 
Level 1 (mirroring), and Level 5 (striping with parity). 


A hardware RAID subsystem distinguishes physically addressable storage units from one another by using a 
Logical Unit Number (LUN). A LUN object must have at least one plex, and can have any number of additional 
plexes. Each plex contains a copy of the data on the LUN object. Plexes can be added to and removed from a LUN 
object. 


Most Diskraid commands operate on a specific host bus adapter (HBA) port, initiator adapter, initiator portal, 
provider, subsystem, controller, port, drive, LUN, target portal, target, or target portal group. You use the SELECT 
command to select an object. The selected object is said to have focus. Focus simplifies common configuration 


tasks, such as creating multiple LUNs within the same subsystem. 





NOTE 


The Diskraid command-line tool works only with storage subsystems that support Virtual Disk Service (VDS). 





Diskraid commands 


The following commands are available from within the Diskraid tool. 


add 


Adds an existing LUN to the currently selected LUN, or adds an iSCSI target portal to the currently selected iSCSI 
target portal group. 


Syntax 


add plex lun=n [noerr] 
add tpgroup tportal=n [noerr] 


Parameters 


PARAMETER DESCRIPTION 


plex lun= <n> Specifies the LUN number to add as a plex to the currently 
selected LUN. CAUTION: All data on the LUN being added as 
a plex will be deleted. 


tpgroup tportal= <n> Specifies the iSCSI target portal number to add to the 
currently selected iSCSI target portal group. 


noerr For scripting only. When an error is encountered, Diskraid 
continues to process commands as if the error did not occur. 


associate 


Sets the specified list of controller ports as active for the currently selected LUN (other controller ports are made 
inactive), or adds the specified controller ports to the list of existing active controller ports for the currently selected 
LUN, or associates the specified iSCSI target for the currently selected LUN. 


Syntax 


associate controllers [add] <n>[,<n> [,..]] 
associate ports [add] <n-m>[,<n-m>[,..]] 
associate targets [add] <n>[,<n> [,..]] 


Parameters 


PARAMETER DESCRIPTION 


controller Adds to or replaces the list of controllers that are associated 
with the currently selected LUN. Use only with VDS 1.0 
providers. 


ports Adds to or replaces the list of controller ports that are 
associated with the currently selected LUN. Use only with VDS 
1.1 providers. 


targets Adds to or replaces the list of iSCSI targets that are associated 
with the currently selected LUN. Use only with VDS 1.1 
providers. 


add If using VDS 1.0 providers: Adds the specified controllers 
to the existing list of controllers associated with the LUN. If 
this parameter is not specified, the list of controllers replaces 
the existing list of controllers associated with this LUN. 


If using VDS 1.1 providers: Adds the specified 
controller ports to the existing list of controller ports 
associated with the LUN. If this parameter is not specified, 
the list of controller ports replaces the existing list of 
controller ports associated with this LUN. 


<nie cno Use with the controllers or targets parameter. Specifies the 
numbers of the controllers or iSCSI targets to set to active or 
associate. 


<n-m>[,<n-m>[,..]] Use with the ports parameter. Specifies the controller ports to 
set active using a controller number (n) and port number (m) 
pair. 


Example 


To associate and add ports to a LUN that uses a VDS 1.1 provider: 


DISKRAID> SEL LUN 5 
LUN 5 is now the selected LUN. 


DISKRAID> ASSOCIATE PORTS Ø-9,9-1 
Controller port associations changed. 
(Controller ports active after this command: Ctlr Ø Port Ø, Ctlr Ø Port 1) 


DISKRAID> ASSOCIATE PORTS ADD 1-1 


Controller port associations changed. 
(Controller ports active after this command: Ctlr Ø Port Ø, Ctlr Ø Port 1, Ctlr 1 Port 1) 


automagic 


Sets or clears flags that give hints to providers on how to configure a LUN. Used with no parameters, the 
automagic operation displays a list of flags. 


Syntax 
automagic {set | clear | apply} all <flag=value> [<flag=value> [...]] 


Parameters 


PARAMETER DESCRIPTION 
set Sets the specified flags to the specified values. 
clear Clears the specified flags. The all keyword clears all the 


automagic flags. 
apply Applies the current flags to the selected LUN. 


<flag> Flags are identified by three-letter acronyms, including: 
e FCR - Fast Crash Recovery Required 
e FTL - Fault Tolerant 
e MSR - Mostly Reads 
e MXD - Maximum drives 
e MXS - Maximum Size Expected 
e ORA - Optimal Read Alignment 
e ORS - Optimal Read Size 
e OSR - Optimize for Sequential Reads 
e OSW - Optimize for Sequential Writes 
e OWA - Optimal Write Alignment 
e OWS - Optimal Write Size 
e RBP - Rebuild Priority 
e RBV - Read Back Verify Enabled 
e RMP - Remap Enabled 
e STS - Strip Size 
e WTC - Write-Through Caching Enabled 
e YNK - Removable 


break 


Removes the plex from the currently selected LUN. The plex and the data it contained are not retained, and the 


drive extents may be reclaimed. 


Caution 


You must first select a mirrored LUN before using this command. All data on the plex will be deleted. All data 
contained on the original LUN is not guaranteed to be consistent. 


Syntax 
break plex=<plex_number> [noerr] 


Parameters 


PARAMETER DESCRIPTION 


PARAMETER DESCRIPTION 


plex Specifies the number of the plex to remove. The plex and the 
data it contained will not be retained, and the resources used 
by this plex will be reclaimed. The data contained on the LUN 
is not guaranteed to be consistent. If you want to retain this 
plex, use the Volume Shadow Copy Service (VSS). 


noerr For scripting only. When an error is encountered, Diskraid 
continues to process commands as if the error did not occur. 


chap 


Sets the Challenge Handshake Authentication Protocol (CHAP) shared secret so that iSCSI initiators and iSCSI 
targets can communicate with one another. 


Syntax 


chap initiator set secret=[<secret>] [target=<target>] 

chap initiator remember secret=[<secret>] target=<target> 

chap target set secret=[<secret>] [initiator=<initiatorname>] 
chap target remember secret=[<secret>] initiator=<initiatorname> 


Parameters 


PARAMETER DESCRIPTION 


initiator set Sets the shared secret in the local iSCSI initiator service used 
for mutual CHAP authentication when the initiator 
authenticates the target. 


initiator remember Communicates the CHAP secret of an iSCSI target to the local 
iSCSI initiator service so that the initiator service can use the 
secret in order to authenticate itself to the target during 
CHAP authentication. 


target set Sets the shared secret in the currently selected iSCSI target 
used for CHAP authentication when the target authenticates 
the initiator. 


target remember Communicates the CHAP secret of an iSCSI initiator to the 
current in-focus iSCSI target so that the target can use the 
secret in order to authenticate itself to the initiator during 
mutual CHAP authentication. 


secret Specifies the secret to use. If empty the secret will be cleared. 


target Specifies a target in the currently selected subsystem to 
associate with the secret. This is optional when setting a secret 
on the initiator and leaving it out indicates that the secret will 
be used for all targets that do not already have an associated 
secret. 


initiatorname Specifies an initiator iSCSI name to associate with the secret. 
This is optional when setting a secret on a target and leaving 
it out indicates that the secret will be used for all initiators that 
do not already have an associated secret. 


create 


Creates a new LUN or iSCSI target on the currently selected subsystem, or creates a target portal group on the 


currently selected target. You can view the actual binding using the Diskraid list command. 


Syntax 
create lun simple [size=<n>] [drives=<n>] [noerr] 
create lun stripe [size=<n>] [drives=<n, n> [,...]] [stripesize=<n>] [noerr] 
create lun raid [size=<n>] [drives=<n, n> [,...]] [stripesize=<n>] [noerr] 
create lun mirror [size=<n>] [drives=<n, n> [,...]] [stripesize=<n>] [noerr] 
create lun automagic size=<n> [noerr] 
create target name=<name> [iscsiname=<iscsiname>] [noerr] 
create tpgroup [noerr] 
Parameters 
PARAMETER DESCRIPTION 
simple Creates a simple LUN. 
stripe Creates a striped LUN. 
raid Creates a striped LUN with parity. 
mirror Creates a mirrored LUN. 
automagic Creates a LUN using the automagic hints currently in effect. 
For more info, see the automagic sub-command in this 
article. 
size= Specifies the total LUN size in megabytes. Either the size= or 
the drives= parameter must be specified. They can also be 
used together. If the size= parameter is not specified, the 
LUN created will be the largest possible size allowed by all the 
specified drives. 
A provider typically creates a LUN at least as big as the 
requested size, but the provider may have to round up to 
the next largest size in some cases. For example, if size is 
specified as .99 GB and the provider can only allocate GB 
disk extents, the resulting LUN would be 1 GB. To specify 
the size using other units, use one of the following 
recognized suffixes immediately after the size: 
© B - byte 
© KB - kilobyte 
e MB - megabyte 
e GB - gigabyte 
e TB - terabyte 
© PB - petabyte. 
drives= Specifies the drive_number for the drives to use to create a 


LUN. Either the size= or the drives= parameter must be 
specified. They can also be used together. If the size= 
parameter is not specified, the LUN created is the largest 
possible size allowed by all the specified drives. If the size= 
parameter is specified, providers will select drives from the 
specified drive list to create the LUN. Providers will attempt to 
use the drives in the order specified when possible. 


PARAMETER 


stripesize= 


target 


name 


iscsiname 


tpgroup 


noerr 


delete 


DESCRIPTION 


Specifies the size in megabytes for a stripe or raid LUN. The 
stripesize cannot be changed after the LUN is created. To 
specify the size using other units, use one of the following 
recognized suffixes immediately after the size: 

e B - byte 

© KB - kilobyte 

© MB - megabyte 

e GB - gigabyte 

e TB - terabyte 

e PB - petabyte. 


Creates a new iSCSI target on the currently selected 
subsystem. 


Supplies the friendly name for the target. 


Supplies the iSCSI name for the target and can be omitted to 
have the provider generate a name. 


Creates a new iSCSI target portal group on the currently 
selected target. 


For scripting only. When an error is encountered, Diskraid 
continues to process commands as if the error did not occur. 


Deletes the currently selected LUN, iSCSI target (as long as there are not any LUNs associated with the iSCSI target) 


or iSCSI target portal group. 


Syntax 


delete lun [uninstall] [noerr] 
delete target [noerr] 
delete tpgroup [noerr] 


Parameters 


PARAMETER 


lun 


uninstall 


target 


tpgroup 


noerr 


detail 


DESCRIPTION 


Deletes the currently selected LUN and all data on it. 


Specifies that the disk on the local system associated with the 
LUN will be cleaned up before the LUN is deleted. 


Deletes the currently selected iSCSI target if no LUNs are 
associated with the target. 


Deletes the currently selected iSCSI target portal group. 


For scripting only. When an error is encountered, Diskraid 
continues to process commands as if the error did not occur. 


Displays detailed information about the currently selected object of the specified type. 


Syntax 


detail (hbaport | iadapter | iportal | provider | subsystem | controller | port | drive | lun | tportal | 


target | tpgroup) [verbose] 


Parameters 


PARAMETER 


hbaport 


iadapter 


iportal 


provider 


subsystem 


controller 


port 


drive 


lun 


tportal 


target 


tpgroup 


verbose 


dissociate 


DESCRIPTION 


Lists detailed information about the currently selected host 
bus adapter (HBA) port. 


Lists detailed information about the currently selected iSCSI 
initiator adapter. 


Lists detailed information about the currently selected iSCSI 
initiator portal. 


Lists detailed information about the currently selected 
provider. 


Lists detailed information about the currently selected 
subsystem. 


Lists detailed information about the currently selected 
controller. 


Lists detailed information about the currently selected 
controller port. 


Lists detailed information about the currently selected drive, 
including the occupying LUNs. 


Lists detailed information about the currently selected LUN, 
including the contributing drives. The output differs slightly 
depending on whether the LUN is part of a Fibre Channel or 
iSCSI subsystem. If the Unmasked Hosts list contains only an 
asterisk, this means that the LUN is unmasked to all hosts. 


Lists detailed information about the currently selected iSCSI 
target portal. 


Lists detailed information about the currently selected iSCSI 
target. 


Lists detailed information about the currently selected iSCSI 
target portal group. 


For use only with the LUN parameter. Lists additional 
information, including its plexes. 


Sets specified list of controller ports as inactive for the currently selected LUN (other controller ports are not 


affected), or dissociates the specified list of iSCSI targets for the currently selected LUN. 


Syntax 


dissociate controllers <n> [,<n> [,...]] 
dissociate ports <n-m>[,<n-m>[,...]] 
dissociate targets <n> [,<n> [,..]] 


Parameter 


PARAMETER 


controllers 


ports 


targets 


<n> Mien Ad 


<n-m>[,<n-m>[,..]] 


Example 


DISKRAID> SEL LUN 5 
LUN 5 is now the selected LUN. 


DISKRAID> ASSOCIATE PORTS Ø-9,0-1 
Controller port associations changed. 


(Controller ports active after this command: 


DISKRAID> ASSOCIATE PORTS ADD 1-1 
Controller port associations changed. 


(Controller ports active after this command: 


DISKRAID> DISSOCIATE PORTS Ø-Ø,1-1 
Controller port associations changed. 


(Controller ports active after this command: 


exit 
Exits Diskraid. 


Syntax 


exit 


extend 


DESCRIPTION 


Removes controllers from the list of controllers that are 
associated with the currently selected LUN. Use only with VDS 
1.0 providers. 


Removes controller ports from the list of controller ports that 
are associated with the currently selected LUN. Use only with 
VDS 1.1 providers. 


Removes targets from the list of iSCSI targets that are 
associated with the currently selected LUN. Use only with VDS 
1.1 providers. 


For use with the controllers or targets parameter. Specifies 
the numbers of the controllers or iSCSI targets to set as 
inactive or dissociate. 


For use with the ports parameter. Specifies the controller 
ports to set as inactive by using a controller number (n^) and 
port number (m) pair. 


Ctlr Ø Port Ø, Ctlr Ø Port 1) 


Ctlr Ø Port Ø, Ctlr Ø Port 1, Ctlr 1 Port 1) 


Ctlr Ø Port 1) 


Extends the currently selected LUN by adding sectors to the end of the LUN. Not all providers support extending 
LUNs. Does not extend any volumes or file systems contained on the LUN. After you extend the LUN, you should 
extend the associated on-disk structures using the DiskPart extend command. 


Syntax 


extend lun [size=<LUN size>] [drives=<drive number>, [<drive number>, ...]] [noerr] 


Parameters 


PARAMETER 


size 


drives= 


noerr 


flushcache 


Clears the cache on the currently selected controller. 


Syntax 


flushcache controller 


help 


Displays a list of all Diskraid commands. 


Syntax 


help 


importtarget 


DESCRIPTION 


Specifies the size in megabytes to extend the LUN. Either the 
size or the <«drive> parameter must be specified. They can 
also be used together. If the size= parameter is not specified, 
the LUN is extended by the largest possible size allowed by all 
the specified drives. If the size= parameter is specified, 
providers select drives from the list specified by the drives= 
parameter to create the LUN. To specify the size using other 
units, use one of the following recognized suffixes immediately 
after the size: 

© B - byte 

© KB - kilobyte 

e MB - megabyte 

e GB - gigabyte 

e TB - terabyte 

© PB - petabyte. 


Specifies the <drive_number> for the drives to use when 
creating a LUN. Either the sizeor the <drive> parameter 
must be specified. They can also be used together. If the size= 
parameter is not specified, the LUN created is the largest 
possible size allowed by all the specified drives. Providers use 
the drives in the order specified when possible. 


For scripting only. When an error is encountered, Diskraid 
continues to process commands as if the error did not occur. 


Retrieves or sets the current Volume Shadow Copy Service (VSS) import target that is set for the currently selected 


subsystem. 


Syntax 


importtarget subsystem [set target] 


Parameter 


PARAMETER 


set target 


initiator 
Retrieves information about the local iSCSI initiator. 


Syntax 


initiator 


invalidatecache 


Invalidates the cache on the currently selected controller. 


Syntax 


invalidatecache controller 


Ibpolicy 


Sets the load balance policy on the currently selected LUN. 


Syntax 


DESCRIPTION 


If specified, sets the currently selected target to the VSS 
import target for the currently selected subsystem. If not 
specified, the command retrieves the current VSS import 
target that is set for the currently selected subsystem. 


lbpolicy set lun type=<type> [paths=<path>-(primary | <weight>)[,<path>-(primary | <weight>)[,..]]] 


lbpolicy set lun paths=<path>-{primary | <weight>}[,<path>-{primary | <weight>)[,..]] 


Parameters 


PARAMETER 


type 


path 


DESCRIPTION 


Specifies the load balance policy. If the type is not specified, 
then the path parameter must be specified. Type can be one 
of the following: 

e FAILOVER - Uses one primary path with other paths 
being backup paths. 

e ROUNDROBIN - Uses all paths in round-robin 
fashion, which tries each path sequentially. 

e SUBSETROUNDROBIN - Uses all primary paths in 
round-robin fashion; backup paths are used only if all 
primary paths fail. 

e DYNLQD - Uses the path with the least number of 
active requests. 


e WEIGHTED - Uses the path with the least weight 
(each path must be assigned a weight). 

e LEASTBLOCKS - Uses the path with the least blocks. 

e VENDORSPECIFIC - Uses a vendor-specific policy. 


Specifies whether a path is primary or has a particular 

<weight> . Any paths not specified are implicitly set as 
backup. Any paths listed must be one of the currently selected 
LUN's paths. 


list 
Displays a list of objects of the specified type. 


Syntax 


list {hbaports | iadapters | iportals | providers | subsystems | controllers | ports | drives | LUNs 


tportals | targets | tpgroups} 


Parameters 


PARAMETER 


hbaports 


iadapters 


iportals 


providers 


subsystems 


controllers 


ports 


drives 


luns 


tportals 


targets 


DESCRIPTION 


Lists summary information about all HBA ports known to 
VDS. The currently selected HBA port is marked by an asterisk 
(*). 


Lists summary information about all iSCSI initiator adapters 
known to VDS. The currently selected initiator adapter is 
marked by an asterisk (*). 


Lists summary information about all iSCSI initiator portals in 
the currently selected initiator adapter. The currently selected 
initiator portal is marked by an asterisk (*). 


Lists summary information about each provider known to 
VDS. The currently selected provider is marked by an asterisk 
(*). 


Lists summary information about each subsystem in the 
system. The currently selected subsystem is marked by an 
asterisk (*). 


Lists summary information about each controller in the 
currently selected subsystem. The currently selected controller 
is marked by an asterisk (*). 


Lists summary information about each controller port in the 
currently selected controller. The currently selected port is 
marked by an asterisk (*). 


Lists summary information about each drive in the currently 
selected subsystem. The currently selected drive is marked by 
an asterisk (*). 


Lists summary information about each LUN in the currently 
selected subsystem. The currently selected LUN is marked by 
an asterisk (*). 


Lists summary information about all iSCSI target portals in the 
currently selected subsystem. The currently selected target 
portal is marked by an asterisk (*). 


Lists summary information about all iSCSI targets in the 
currently selected subsystem. The currently selected target is 
marked by an asterisk (*). 


PARAMETER 


tpgroups 


login 


DESCRIPTION 


Lists summary information about all iSCSI target portal 
groups in the currently selected target. The currently selected 
portal group is marked by an asterisk (*). 


Logs the specified iSCSI initiator adapter into the currently selected iSCSI target. 


Syntax 


login target iadapter=<iadapter> [type={manual | persistent | boot}] [chap={none | oneway | mutual}] [iportal= 


<iportal>] [tportal=<tportal>] [<flag> [<flag> [..]]] 


Parameters 


PARAMETER 


type 


manual 


persistent 


chap 


tportal 


iportal 


<flag> 


logout 


DESCRIPTION 


Specifies the type of login to perform: manual or persistent. 
If unspecified, a manual login will be performed. 


Login manually. There's also a boot option that is intended for 
future development and isn't currently used. 


Automatically use the same login when the computer is 
restarted. 


Specifies the type of CHAP authentication to use: none, 
oneway CHAP or mutual CHAP; if unspecified, no 
authentication will be used. 


Specifies an optional target portal in the currently selected 
subsystem to use for the log in. 


Specifies an optional initiator portal in the specified initiator 
adapter to use for the log in. 


Identified by three-letter acronyms: 
e IPS - Require IPsec 

e EMP - Enable multipath 

e EHD - Enable header digest 

e EDD - Enable data digest 


Logs the specified iSCSI initiator adapter out of the currently selected iSCSI target. 


Syntax 


logout target iadapter= <iadapter> 


Parameters 


PARAMETER 


iadapter 


DESCRIPTION 


Specifies the initiator adapter with a login session to logout 
from. 


maintenance 


Performs maintenance operations on the currently selected object of the specified type. 


Syntax 
maintenance <object operation> [count=<iteration>] 


Parameters 


PARAMETER DESCRIPTION 
<object> Specifies the type of object on which to perform the operation. 
The object type can be a subsystem, controller, port, 
drive or LUN. 
<operation> Specifies the maintenance operation to perform. The operation 


type can be spinup, spindown, blink, beep or ping. An 
operation must be specified. 


count= Specifies the number of times to repeat the operation. This is 
typically used with blink, beep,or ping. 


name 


Sets the friendly name of the currently selected subsystem, LUN, or iSCSI target to the specified name. 


Syntax 
name {subsystem | lun | target} [<name>] 


Parameter 


PARAMETER DESCRIPTION 


<name> Specifies a name for the subsystem, LUN, or target. The name 
must be less than 64 characters in length. If no name is 
supplied, the existing name, if any, is deleted. 


offline 


Sets the state of the currently selected object of the specified type to offline. 


Syntax 
offline <object> 


Parameter 


PARAMETER DESCRIPTION 


<object> Specifies the type of object on which to perform this 
operation. The type can be: subsystem, controller, drive, 
LUN, or tportal. 


online 


Sets the state of the selected object of the specified type to online. If object is hbaport, changes the status of the 
paths to the currently selected HBA port to online. 


Syntax 


online <object> 


Parameter 


PARAMETER 


<object> 


recover 


DESCRIPTION 


Specifies the type of object on which to perform this 
operation. The type can be: hbaport, subsystem, 
controller, drive, LUN, or tportal. 


Performs operations necessary, such as resynchronization or hot sparing, to repair the currently selected fault- 
tolerant LUN. For example, RECOVER might cause a hot spare to be bound to a RAID set that has a failed disk or 


other disk extent reallocation. 


Syntax 


recover <lun> 


reenumerate 


Reenumerates objects of the specified type. If you use the extend LUN command, you must use the refresh 


command to update the disk size before using the reenumerate command. 


Syntax 


reenumerate {subsystems | drives} 


Parameters 


PARAMETER 


subsystems 


drives 


refresh 


Refreshes internal data for the currently selected provider. 


Syntax 


refresh provider 


rem 


Used to comment scripts. 


Syntax 


Rem <comment> 


remove 


DESCRIPTION 


Queries the provider to discover any new subsystems that 
were added in the currently selected provider. 


Queries the internal I/O buses to discover any new drives that 
were added in the currently selected subsystem. 


Removes the specified iSCSI target portal from the currently selected target portal group. 


Syntax 


remove tpgroup tportal=<tportal> [noerr] 


Parameter 
PARAMETER DESCRIPTION 
tpgroup tportal= <tportal> Specifies the iSCSI target portal to remove. 
noerr For scripting only. When an error is encountered, Diskraid 
continues to process commands as if the error did not occur. 
replace 


Replaces the specified drive with the currently selected drive. The specified drive may not be the currently selected 


drive. 


Syntax 


replace drive=<drive_number> 


Parameter 

PARAMETER DESCRIPTION 

drive= Specifies the <drive_number> for the drive to be replaced. 
reset 


Resets the currently selected controller or port. 


Syntax 


reset {controller | port} 


Parameters 
PARAMETER DESCRIPTION 
controller Resets the controller. 
port Resets the port. 
select 


Displays or changes the currently selected object. 


Syntax 


select {hbaport | iadapter | iportal | provider | subsystem | controller | port | drive | lun | tportal | 
target | tpgroup } [<n>] 


Parameters 
PARAMETER DESCRIPTION 
object Specifies the type of object to select, including: provider, 


subsystem, controller, drive, or LUN. 


PARAMETER 


hbaport [<n>] 


iadapter [<n>] 


iportal [<n>] 


provider [<n>] 


subsystem [<n>] 


controller [<n>] 


port [<n>] 


drive [<n>] 


lun [<n>] 


DESCRIPTION 


Sets the focus to the specified local HBA port. If no HBA port 
is specified, the command displays the currently selected HBA 
port (if any). Specifying an invalid HBA port index results in no 
in-focus HBA port. Selecting an HBA port deselects any 
selected initiator adapters and initiator portals. 


Sets the focus to the specified local iSCSI initiator adapter. If no 
initiator adapter is specified, the command displays the 
currently selected initiator adapter (if any). Specifying an 
invalid initiator adapter index results in no in-focus initiator 
adapter. Selecting an initiator adapter deselects any selected 
HBA ports and initiator portals. 


Sets the focus to the specified local iSCSI initiator portal within 
the selected iSCSI initiator adapter. If no initiator portal is 
specified, the command displays the currently selected initiator 
portal (if any). Specifying an invalid initiator portal index 
results in no selected initiator portal. 


Sets the focus to the specified provider. If no provider is 
specified, the command displays the currently selected 
provider (if any). Specifying an invalid provider index results in 
no in-focus provider. 


Sets the focus to the specified subsystem. If no subsystem is 
specified, the command displays the subsystem with focus (if 
any). Specifying an invalid subsystem index results in no in- 
focus subsystem. Selecting a subsystem implicitly selects its 
associated provider. 


Sets the focus to the specified controller within the currently 
selected subsystem. If no controller is specified, the command 
displays the currently selected controller (if any). Specifying an 
invalid controller index results in no in-focus controller. 
Selecting a controller deselects any selected controller ports, 
drives, LUNs, target portals, targets, and target portal groups. 


Sets the focus to the specified controller port within the 
currently selected controller. If no port is specified, the 
command displays the currently selected port (if any). 
Specifying an invalid port index results in no selected port. 


Sets the focus to the specified drive, or physical spindle, within 
the currently selected subsystem. If no drive is specified, the 
command displays the currently selected drive (if any). 
Specifying an invalid drive index results in no in-focus drive. 
Selecting a drive deselects any selected controllers, controller 
ports, LUNs, target portals, targets, and target portal groups. 


Sets the focus to the specified LUN within the currently 
selected subsystem. If no LUN is specified, the command 
displays the currently selected LUN (if any). Specifying an 
invalid LUN index results in no selected LUN. Selecting a LUN 
deselects any selected controllers, controller ports, drives, 
target portals, targets, and target portal groups. 


PARAMETER DESCRIPTION 


tportal [<n>] Sets the focus to the specified iSCSI target portal within the 
currently selected subsystem. If no target portal is specified, 
the command displays the currently selected target portal (if 
any). Specifying an invalid target portal index results in no 
selected target portal. Selecting a target portal deselects any 
controllers, controller ports, drives, LUNs, targets, and target 
portal groups. 


target [<n>] Sets the focus to the specified iSCSI target within the currently 
selected subsystem. If no target is specified, the command 
displays the currently selected target (if any). Specifying an 
invalid target index results in no selected target. Selecting a 
target deselects any controllers, controller ports, drives, LUNs, 
target portals, and target portal groups. 


tpgroup [<n>] Sets the focus to the specified iSCSI target portal group within 
the currently selected iSCSI target. If no target portal group is 
specified, the command displays the currently selected target 
portal group (if any). Specifying an invalid target portal group 
index results in no in-focus target portal group. 


[<n>] Specifies the <object number> to select. If the 
<object number> specified is not valid, any existing 
selections for objects of the specified type are cleared. If no 
<object number> is specified, the current object is displayed. 


setflag 


Sets the currently selected drive as a hot spare. Hot spares can't be used for ordinary LUN binding operations. 
They're reserved for fault handling only. The drive must not be currently bound to any existing LUN. 


Syntax 


setflag drive hotspare={true | false} 


Parameters 
PARAMETER DESCRIPTION 
true Selects the currently selected drive as a hot spare. 
false Unselects the currently selected drive as a hot spare. 
shrink 


Reduces the size of the selected LUN. 


Syntax 


shrink lun size=<n> [noerr] 


Parameters 


PARAMETER DESCRIPTION 


PARAMETER DESCRIPTION 


size Specifies the desired amount of space in megabytes (MB) to 
reduce the size of the LUN by. To specify the size using other 
units, use one of the following recognized suffixes immediately 
after the size: 


e B- byte 

© KB - kilobyte 

© MB - megabyte 
e GB - gigabyte 
e TB - terabyte 

e PB - petabyte. 


noerr For scripting only. When an error is encountered, Diskraid 
continues to process commands as if the error did not occur. 


standby 
Changes the status of the paths to the currently selected host bus adapter (HBA) port to STANDBY. 


Syntax 


standby hbaport 


Parameters 
PARAMETER DESCRIPTION 
hbaport Changes the status of the paths to the currently selected host 
bus adapter (HBA) port to STANDBY. 
unmask 


Makes the currently selected LUNs accessible from the specified hosts. 


Syntax 


unmask lun {all | none | [add] wwn=<hexadecimal_number> [;<hexadecimal_number> [;..]] | [add] initiator= 
<initiator>[;<initiator>[;..]]} [uninstall] 


Parameters 

PARAMETER DESCRIPTION 

all Specifies that the LUN should be made accessible from all 
hosts. However, you cannot unmask the LUN to all targets in 
an iSCSI subsystem. 
You must logout of the target before you run the 

unmask lun all command. 
none Specifies that the LUN should not be accessible to any host. 


You must logout of the target before you run the 
unmask lun none command. 


PARAMETER DESCRIPTION 


add Specifies that the hosts specified must be added to the 
existing list of hosts that this LUN is accessible from. If this 
parameter is not specified, the list of hosts supplied replaces 
the existing list of hosts that this LUN is accessible from. 


wwn= Specifies a list of hexadecimal numbers representing world- 
wide names from which the LUN or hosts should be made 
accessible. To mask/unmask to a specific set of hosts in a Fibre 
Channel subsystem, you can type a semicolon-separated list 
of WWN's for the ports on the host machines of interest. 


initiator= Specifies a list of iSCSI initiators to which the currently selected 
LUN should be made accessible. To mask/unmask to a specific 
set of hosts in an iSCSI subsystem, you can type a semicolon- 
separated list of iSCSI initiator names for the initiators on the 
host computers of interest. 


uninstall If specified, uninstalls the disk associated with the LUN on the 
local system before the LUN is masked. 


Scripting Diskraid 


Diskraid can be scripted on any computer running a supported version of Windows Server, with an associated VDS 
hardware provider. To invoke a Diskraid script, at the command prompt type: 


diskraid /s <script.txt> 


By default, Diskraid stops processing commands and returns an error code if there is a problem in the script. To 
continue running the script and ignore errors, include the noerr parameter on the command. This permits such 
useful practices as using a single script to delete all the LUNs in a subsystem regardless of the total number of 

LUNs. Not all commands support the noerr parameter. Errors are always returned on command-syntax errors, 


regardless of whether you included the noerr parameter. 


Diskraid error codes 


ERROR CODE ERROR DESCRIPTION 

0 No error occurred. The entire script ran without failure. 

1 A fatal exception occurred. 

2 The arguments specified on a Diskraid command line were 
incorrect. 

3 Diskraid was unable to open the specified script or output file. 

4 One of the services Diskraid uses returned a failure. 

5 A command syntax error occurred. The script failed because an 


object was improperly selected or was invalid for use with that 
command. 


Example 


To view the status of subsystem 0 on your computer, type: 
diskraid 
Press ENTER and output similar to the following is displayed: 


Microsoft Diskraid version 5.2.xxXx 
Copyright (©) 2003 Microsoft Corporation 
On computer: COMPUTER NAME 


To select subsystem 0, type the following at the Diskraid prompt: 
select subsystem @ 
Press ENTER and output similar to the following is displayed: 


Subsystem @ is now the selected subsystem. 


DISKRAID> list drives 


Drive ### Status Health Size Free Bus Slot Flags 
Drive @ Online Healthy 107 GB 107 GB ð 1 
Drive 1 Offline Healthy 29 GB 29 GB 1 ð 
Drive 2 Online Healthy 107 GB 107 GB ð 2 
Drive 3 Not Ready Healthy 19 GB 19 GB 1 1 


To exit Diskraid, type the following at the Diskraid prompt: 


exit 


Additional References 


e Command-Line Syntax Key 


Diskshadow 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Diskshadow.exe is a tool that exposes the functionality offered by the volume shadow copy Service (VSS). By 
default, Diskshadow uses an interactive command interpreter similar to that of Diskraid or Diskpart. Diskshadow 
also includes a scriptable mode. 





NOTE 


Membership in the local Administrators group, or equivalent, is the minimum required to run Diskshadow. 








Syntax 


For interactive mode, type the following at the command prompt to start the Diskshadow command interpreter: 
diskshadow 
For script mode, type the following, where script txt is a script file containing Diskshadow commands: 


diskshadow -s script.txt 


Parameters 


You can run the following commands in the Diskshadow command interpreter or through a script file. At a 
minimum, only add and create are necessary to create a shadow copy. However, this forfeits the context and 
option settings, will be a copy backup, and creates a shadow copy with no backup execution script. 


COMMAND DESCRIPTION 


set command Sets the context, options, verbose mode, and metadata file for 
creating shadow copies. 


load metadata command Loads a metadata .cab file prior to importing a transportable 
shadow copy or loads the writer metadata in the case of a 
restore. 

writer command verifies that a writer or component is included or excludes a 


writer or component from the backup or restore procedure. 


add command Adds volumes to the set of volumes that are to be shadow 
copied, or adds aliases to the alias environment. 


create command Starts the shadow copy creation process, using the current 
context and option settings. 


exec command Executes a file on the local computer. 


COMMAND 


begin backup command 


end backup command 


begin restore command 


end restore command 


reset command 


list command 


delete shadows command 


import command 


mask command 


expose command 


unexpose command 


break command 


revert command 


exit command 


DESCRIPTION 


Starts a full backup session. 


Ends a full backup session and issues a backupcomplete 
event with the appropriate writer state, if needed. 


Starts a restore session and issues a prerestore event to 
involved writers. 


Ends a restore session and issues a postrestore event to 
involved writers. 


Resets Diskshadow to the default state. 


Lists writers, shadow copies, or currently registered shadow 
copy providers that are on the system. 


Deletes shadow copies. 


Imports a transportable shadow copy from a loaded 
metadata file into the system. 


Removes hardware shadow copies that were imported by 
using the import command. 


Exposes a persistent shadow copy as a drive letter, share, or 
mount point. 


Unexposes a shadow copy that was exposed by using the 
expose command. 


Disassociates a shadow copy volume from VSS. 


Reverts a volume back to a specified shadow copy. 


Exits the command interpreter or script. 


Examples 


This is asample sequence of commands that will create a shadow copy for backup. It can be saved to file as 
script.dsh, and executed using diskshadow /s script.dsh . 


Assume the following: 

e You have an existing directory called c\diskshadowdata. 

e Your system volume is C: and your data volume is D:. 

e You have a backupscript.cmd file in c\diskshadowdata. 

e Your backupscript.cmd file will perform the copy of shadow data p: and q: to your backup drive. 


You can enter these commands manually or script them: 


#Diskshadow script file 

set context persistent nowriters 

set metadata c:\diskshadowdata\example.cab 
set verbose on 

begin backup 

add volume c: alias systemvolumeshadow 

add volume d: alias datavolumeshadow 


create 

expose %systemvolumeshadow% p: 

expose %datavolumeshadow% q: 

exec c:\diskshadowdata\backupscript. cmd 


end backup 
#End of script 


Additional References 


e Command-Line Syntax Key 


dispdiag 
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Logs display information to a file. 


Syntax 


dispdiag [-testacpi] [-d] [-delay <seconds>] [-out <filepath>] 


Parameters 

PARAMETER DESCRIPTION 

- testacpi Runs hotkey diagnostics test. Displays the key name, code and 
scan code for any key pressed during the test. 

-d Generates a dump file with test results. 

-delay <seconds> Delays the collection of data by specified time in seconds. 

-out <filepath> Specifies path and filename to save collected data. This must 
be the last parameter. 

-? 


Displays available command parameters and provides help for 
using them. 


Additional References 


e Command-Line Syntax Key 


Dnscmd 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


A command-line interface for managing DNS servers. This utility is useful in scripting batch files to help automate 
routine DNS management tasks, or to perform simple unattended setup and configuration of new DNS servers on 
your network. 


Syntax 


dnscmd <servername> <command> [<command parameters>] 


Parameters 
PARAMETER DESCRIPTION 
<servername> The IP address or host name of a remote or local DNS server. 


dnscmd /ageallrecords command 


Sets the current time on a time stamp on resource records at a specified zone or node on a DNS server. 


Syntax 


dnscmd [<servername>] /ageallrecords <zonename>[<nodename>] | [/tree]|[/f] 


Parameters 
PARAMETER DESCRIPTION 
<servername> Specifies the DNS server that the administrator plans to 
manage, represented by IP address, fully qualified domain 
name (FQDN), or Host name. If this parameter is omitted, the 
local server is used. 
<zonename> Specifies the FQDN of the zone. 
<nodename> Specifies a specific node or subtree in the zone, using the 
following: 
e @ for root zone or FQDN 
e The FQDN of a node (the name with a period (.) at the 
end) 
e Asingle label for the name relative to the zone root. 
/tree Specifies that all child nodes also receive the time stamp. 


/t Runs the command without asking for confirmation. 


Remarks 

e Theageallrecords command is for backward compatibility between the current version of DNS and 
previous releases of DNS in which aging and scavenging were not supported. It adds a time stamp with the 
current time to resource records that do not have a time stamp, and it sets the current time on resource 


records that do have a time stamp. 


e Record scavenging does not occur unless the records are time stamped. Name server (NS) resource records, 
start of authority (SOA) resource records, and Windows Internet Name Service (WINS) resource records are 
not included in the scavenging process, and they are not time stamped even when the ageallrecords 


command runs. 


e This command fails unless scavenging is enabled for the DNS server and the zone. For information about 
how to enable scavenging for the zone, see the aging parameter, within the syntax of the dnscmd /config 


command in this article. 


e The addition of a time stamp to DNS resource records makes them incompatible with DNS servers that run 
on operating systems other than Windows Server. A time stamp added by using the ageallrecords 


command can't be reversed. 


e |f none of the optional parameters are specified, the command returns all resource records at the specified 
node. If a value is specified for at least one of the optional parameters, dnscmd enumerates only the 
resource records that correspond to the value or values that are specified in the optional parameter or 


parameters. 


Examples 


Example 1: Set the current time on a time stamp to resource records 


dnscmd /clearcache command 


Clears the DNS cache memory of resource records on the specified DNS server. 


Syntax 


dnscmd [<servername>] /clearcache 


Parameters 
PARAMETERS DESCRIPTION 
<servername> Specifies the DNS server to manage, represented by IP 
address, FQDN, or host name. If this parameter is omitted, the 
local server is used. 
Example 


dnscmd dnssvr1.contoso.com /clearcache 


dnscmd /config command 


Changes values in the registry for the DNS server and individual zones. This command also modifies the 


configuration of the specified server. Accepts server-level and zone-level settings. 


Caution 
Don't edit the registry directly unless you have no alternative. The registry editor bypasses standard safeguards, 
allowing settings that can degrade performance, damage your system, or even require you to reinstall Windows. 


You can safely alter most registry settings by using the programs in Control Panel or Microsoft Management 


Console (mmc). If you must edit the registry directly, back it up first. Read the registry editor help for more 


information. 


Server-level syntax 


dnscmd [<servername>] /config <parameter> 


Parameters 


NOTE 


This article contains references to the term slave, a term that Microsoft no longer uses. When the term is removed from the 


software, we'll remove it from this article. 


PARAMETERS 


<servername> 


<parameter> 


/addressanswerlimit [@|5-28] 


/bindsecondaries [@|1] 


/bootmethod [e|1|213] 


/defaultagingstate [@|1] 





DESCRIPTION 


Specifies the DNS server that you are planning to manage, 
represented by local computer syntax, IP address, FQDN, or 
host name. If this parameter is omitted, the local server is 
used. 


Specify a setting and, as an option, a value. Parameter values 
use this syntax: parameter [value]. 


Specifies the maximum number of host records that a DNS 
server can send in response to a query. The value can be zero 
(0), or it can be in the range of 5 through 28 records. The 
default value is zero (0). 


Changes the format of the zone transfer so that it can achieve 
maximum compression and efficiency. Accepts the values: 
e 0 - Uses maximum compression and is compatible 
with BIND versions 4.9.4 and later only 
e 1 - Sends only one resource record per message to 
non-Microsoft DNS servers and is compatible with 
BIND versions earlier than 4.9.4. This is the default 
setting. 


Determines the source from which the DNS server gets its 

configuration information. Accepts the values: 

e 0 - Clears the source of configuration information. 

e 1 - Loads from the BIND file that is located in the DNS 
directory, which is %systemroot%\System32\DNS by 
default. 

e 2 - Loads from the registry. 

e 3 - Loads from AD DS and the registry. This is the 
default setting. 


Determines whether the DNS scavenging feature is enabled by 
default on newly created zones. Accepts the values: 

© 0 - Disables scavenging. This is the default setting. 

e 1 - Enables scavenging. 


PARAMETERS 


/defaultnorefreshinterval [Øx1-ØxFFFFFFFF|ØxA8] 


/defaultrefreshinterval [Øx1-ØxFFFFFFFF|ØXA8] 


/disableautoreversezones [@|1] 


/disablensrecordsautocreation [e|1] 


/dspollinginterval [e-30] 


/dstombstoneinterval [1-30] 


/ednscachetimeout [3600-15724800] 


/enableednsprobes [e|1] 


/enablednssec [@|1] 


DESCRIPTION 


Sets a period of time in which no refreshes are accepted for 
dynamically updated records. Zones on the server inherit this 
value automatically. 


To change the default value, type a value in the range of 
Ox1-0xFFFFFFFF. The default value from the server is 
OxA8. 


Sets a period of time that is allowed for dynamic updates to 
DNS records. Zones on the server inherit this value 
automatically. 

To change the default value, type a value in the range of 
Ox1-0xFFFFFFFF. The default value from the server is 
OxA8. 


Enables or disables the automatic creation of reverse lookup 

zones. Reverse lookup zones provide resolution of Internet 

Protocol (IP) addresses to DNS domain names. Accepts the 

values: 

e 0 - Enables the automatic creation of reverse lookup 
zones. This is the default setting. 


e 1 - Disables the automatic creation of reverse lookup 
zones. 


Specifies whether the DNS server automatically creates name 

server (NS) resource records for zones that it hosts. Accepts 

the values: 

e 0 - Automatically creates name server (NS) resource 
records for zones that the DNS server hosts. 


e 1 - Doesn't automatically create name server (NS) 
resource records for zones that the DNS server hosts. 


Specifies how often the DNS server polls AD DS for changes in 
active directory integrated zones. 


The amount of time in seconds to retain deleted records in AD 
DS. 


Specifies the number of seconds that extended DNS (EDNS) 
information is cached. The minimum value is 3600, and the 
maximum value is 15,724,800. The default value is 604,800 
seconds (one week). 


Enables or disables the server to probe other servers to 
determine if they support EDNS. Accepts the values: 


© 0 - Disables active support for EDNS probes. 
e 1 - Enables active support for EDNS probes. 


Enables or disables support for DNS Security Extensions 
(DNSSEC). Accepts the values: 

e 0 - Disables DNSSEC. 

e 1 - Enables DNSSEC. 


PARAMETERS 


/enableglobalnamessupport [2|1] 


/enableglobalqueryblocklist [@|1] 


/eventloglevel [@|1/2|4] 


/forwarddelegations [0|1] 


/forwardingtimeout [<seconds>] 


DESCRIPTION 


Enables or disables support for the GlobalNames zone. The 
GlobalNames zone supports resolution of single-label DNS 
names across a forest. Accepts the values: 

e 0 - Disables support for the GlobalNames zone. When 
you set the value of this command to 0, the DNS 
Server service does not resolve single-label names in 
the GlobalNames zone. 

e 1 - Enables support for the GlobalNames zone. When 
you set the value of this command to 1, the DNS 
Server service resolves single-label names in the 
GlobalNames zone. 


Enables or disables support for the global query block list that 
blocks name resolution for names in the list. The DNS Server 
service creates and enables the global query block list by 
default when the service starts the first time. To view the 
current global query block list, use the dnscmd /info 
/globalqueryblocklist command. Accepts the values: 
© 0 - Disables support for the global query block list. 
When you set the value of this command to 0, the 
DNS Server service responds to queries for names in 
the block list. 
® 1 - Enables support for the global query block list. 
When you set the value of this command to 1, the 
DNS Server service does not respond to queries for 
names in the block list. 


Determines which events are logged in the DNS server log in 
Event Viewer. Accepts the values: 
e 0 - Logs no events. 
e 1 - Logs only errors. 
e 2 - Logs only errors and warnings. 
e 4 - Logs errors, warnings, and informational events. 
This is the default setting. 


Determines how the DNS server handles a query for a 
delegated subzone. These queries can be sent either to the 
subzone that is referred to in the query or to the list of 
forwarders that is named for the DNS server. Entries in the 
setting are used only when forwarding is enabled. Accepts the 
values: 

e 0 - Automatically sends queries that refer to delegated 
subzones to the appropriate subzone. This is the 
default setting. 

e 1 - Forwards queries that refer to the delegated 
subzone to the existing forwarders. 


Determines how many seconds (0x1-0xFFFFFFFF) a DNS 
server waits for a forwarder to respond before trying another 
forwarder. The default value is 0x5, which is 5 seconds. 


PARAMETERS 


/globalneamesqueryorder [@|1] 


/globalqueryblocklist [[<name> [<name>]...] 


/isslave  [e]|1] 


/localnetpriority [e[1] 


/logfilemaxsize [<size>] 


/logfilepath [<path+logfilename>] 


/logipfilterlist <IPaddress> [,<IPaddress>...] 


DESCRIPTION 


Specifies whether the DNS Server service looks first in the 
GlobalNames zone or local zones when it resolves names. 
Accepts the values: 

e 0 - The DNS Server service attempts to resolve names 
by querying the GlobalNames zone before it queries 
the zones for which it is authoritative. 

e 1 - The DNS Server service attempts to resolve names 
by querying the zones for which it is authoritative 
before it queries the GlobalNames zone. 


Replaces the current global query block list with a list of the 
names that you specify. If you do not specify any names, this 
command clears the block list. By default, the global query 
block list contains the following items: 

e isatap 

e wpad 


The DNS Server service can remove either or both of these 
names when it starts the first time, if it finds these names in 
an existing zone. 


Determines how the DNS server responds when queries that 
it forwards receive no response. Accepts the values: 
© 0 - Specifies that the DNS server is not a subordinate. 
If the forwarder does not respond, the DNS server 
attempts to resolve the query itself. This is the default 
setting. 
e 1 - Specifies that the DNS server is a subordinate. If 
the forwarder does not respond, the DNS server 
terminates the search and sends a failure message to 
the resolver. 


Determines the order in which host records are returned when 

the DNS server has multiple host records for the same name. 

Accepts the values: 

e 0 - Returns the records in the order in which they are 
listed in the DNS database. 

e 1 - Returns the records that have similar IP network 
addresses first. This is the default setting. 


Specifies the maximum size in bytes (0x10000-0xFFFFFFFF) 
of the Dns.log file. When the file reaches its maximum size, 
DNS overwrites the oldest events. The default size is 
0x400000, which is 4 megabytes (MB). 


Specifies the path of the Dns.log file. The default path is 
%systemroot%\System32\Dns\Dns.log . You can specify a 
different path by using the format path+logfilename . 


Specifies which packets are logged in the debug log file. The 
entries are a list of IP addresses. Only packets going to and 
from the IP addresses in the list are logged. 


PARAMETERS 


/loglevel [<eventtype>] 


/maxcachesize 


/maxcachettl [<seconds>] 


/maxnegativecachettl [<seconds>] 


/namecheckflag [e[1]2|3] 


/norecursion  [e[1] 


DESCRIPTION 


Determines which types of events are recorded in the Dns.log 

file. Each event type is represented by a hexadecimal number. 

If you want more than one event in the log, use hexadecimal 

addition to add the values, and then enter the sum. Accepts 

the values: 

e 0x0 - The DNS server does not create a log. This is the 
default entry. 

e 0x10 - Logs queries and notifications. 

e 0x20 - Logs updates. 

© OxFE - Logs nonquery transactions. 

e 0x100 - Logs question transactions. 

e 0x200 - Logs answers. 

e 0x1000 - Logs send packets. 

e 0x2000 - Logs receive packets. 

e 0x4000 - Logs User Datagram Protocol (UDP) 
packets. 

e 0x8000 - Logs Transmission Control Protocol (TCP) 
packets. 

6 OxFFFF - Logs all packets. 

6 0x10000 - Logs active directory write transactions. 

e 0x20000 - Logs active directory update transactions. 

e 0x1000000 - Logs full packets. 

e 0x80000000 - Logs write-through transactions. 


Specifies the maximum size, in kilobytes (KB), of the DNS 
server s memory cache. 


Determines how many seconds (0x0-0xFFFFFFFF) a record is 
saved in the cache. If the 0x0 setting is used, the DNS server 
doesn't cache records. The default setting is 0x15180 (86,400 
seconds or 1 day). 


Specifies how many seconds (0x1-0xFFFFFFFF) an entry that 
records a negative answer to a query remains stored in the 
DNS cache. The default setting is 0x384 (900 seconds). 


Specifies which character standard is used when checking DNS 
names. Accepts the values: 
e 0 - Uses ANSI characters that comply with Internet 
Engineering Task force (IETF) Request for Comments 
(Rfcs). 
e 1 - Uses ANSI characters that do not necessarily 
comply with IETF Rfcs. 
e 2 - Uses multibyte UCS Transformation format 8 (UTF- 
8) characters. This is the default setting. 
e 3 - Uses all characters. 


Determines whether a DNS server performs recursive name 
resolution. Accepts the values: 
e 0 - The DNS server performs recursive name 
resolution if it is requested in a query. This is the 
default setting. 
e 1 - The DNS server does not perform recursive name 
resolution. 


PARAMETERS 


/notcp 


/recursionretry [<seconds>] 


/recursiontimeout [<seconds>] 


/roundrobin [@|1] 


/rpcprotocol [e@x@|ex1|@x2|ex4|OxFFFFFFFF] 


/scavenginginterval [<hours>] 


/secureresponses [2|1] 


/sendport [<port>] 


DESCRIPTION 


This parameter is obsolete, and it has no effect in current 
versions of Windows Server. 


Determines the number of seconds (0x1-OxFFFFFFFF) that a 
DNS server waits before again trying to contact a remote 
server. The default setting is 0x3 (three seconds). This value 
should be increased when recursion occurs over a slow wide 
area network (WAN) link. 


Determines the number of seconds (0x1-OxFFFFFFFF) that a 
DNS server waits before discontinuing attempts to contact a 
remote server. The settings range from 0x1 through 
OxFFFFFFFF. The default setting is OxF (15 seconds). This 
value should be increased when recursion occurs over a slow 
WAN link. 


Determines the order in which host records are returned when 
a server has multiple host records for the same name. Accepts 
the values: 
e 0 - The DNS server does not use round robin. Instead, 
it returns the first record to every query. 
e 1 - The DNS server rotates among the records that it 
returns from the top to the bottom of the list of 
matching records. This is the default setting. 


Specifies the protocol that remote procedure call (RPC) uses 
when it makes a connection from the DNS server. Accepts the 
values: 

e 0x0 - Disables RPC for DNS. 

© 0x01 - Uses TCP/IP 

e 0x2 - Uses named pipes. 

© 0x4 - Uses local procedure call (LPC). 

e OxFFFFFFFF - All protocols. This is the default setting. 


Determines whether the scavenging feature for the DNS 
server is enabled, and sets the number of hours (0x0- 
OxFFFFFFFF) between scavenging cycles. The default setting 
is 0x0, which disables scavenging for the DNS server. A setting 
greater than 0x0 enables scavenging for the server and sets 
the number of hours between scavenging cycles. 


Determines whether DNS filters records that are saved in a 

cache. Accepts the values: 

© 0 - Saves all responses to name queries to a cache. 
This is the default setting. 

@ 1 - Saves only the records that belong to the same 
DNS subtree to a cache. 


Specifies the port number (0xO-OxFFFFFFFF) that DNS uses 
to send recursive queries to other DNS servers. The default 
setting is 0x0, which means that the port number is selected 
randomly. 


PARAMETERS 


/serverlevelplugindll [<dllpath>] 


/strictfileparsing [@|1] 


/updateoptions <RecordValue> 


DESCRIPTION 


Specifies the path of a custom plug-in. When Dllpath specifies 
the fully qualified path name of a valid DNS server plug-in, the 
DNS server calls functions in the plug-in to resolve name 
queries that are outside the scope of all locally hosted zones. If 
a queried name is out of the scope of the plug-in, the DNS 
server performs name resolution using forwarding or 
recursion, as configured. If Dllpath is not specified, the DNS 
server ceases to use a custom plug-in if a custom plug-in was 
previously configured. 


Determines a DNS server's behavior when it encounters an 

erroneous record while loading a zone. Accepts the values: 

@ 0 - The DNS server continues to load the zone even if 
the server encounters an erroneous record. The error 
is recorded in the DNS log. This is the default setting. 

e 1 - The DNS server stops loading the zone, and it 
records the error in the DNS log. 


Prohibits dynamic updates of specified types of records. If you 
want more than one record type to be prohibited in the log, 
use hexadecimal addition to add the values, and then enter 
the sum. Accepts the values: 

e 0x0 - Doesn't restrict any record types. 

e Ox1 - Excludes start of authority (SOA) resource 
records. 

e 0x2 - Excludes name server (NS) resource records. 

@ 0x4 - Excludes delegation of name server (NS) 
resource records. 

e 0x8 - Excludes server host records. 

e 0x100 - During secure dynamic update, excludes start 
of authority (SOA) resource records. 

e 0x200 - During secure dynamic update, excludes root 
name server (NS) resource records. 

e 0x30F - During standard dynamic update, excludes 
name server (NS) resource records, start of authority 
(SOA) resource records, and server host records. 

During secure dynamic update, excludes root name 
server (NS) resource records and start of authority 
(SOA) resource records. Allows delegations and server 
host updates. 

e 0x400 - During secure dynamic update, excludes 
delegation name server (NS) resource records. 

e 0x800 - During secure dynamic update, excludes 
server host records. 

e 0x1000000 - Excludes delegation signer (DS) records. 

e 0x80000000 - Disables DNS dynamic update. 


PARAMETERS 


/writeauthorityns [ø]|1] 


/xfrconnecttimeout [<seconds>] 


Zone-level syntax 


DESCRIPTION 


Determines when the DNS server writes name server (NS) 

resource records in the Authority section of a response. 

Accepts the values: 

© O - Writes name server (NS) resource records in the 
Authority section of referrals only. This setting complies 
with Rfc 1034, Domain names concepts and facilities, 
and with Rfc 2181, Clarifications to the DNS 
Specification. This is the default setting. 

e@ 1 - Writes name server (NS) resource records in the 
Authority section of all successful authoritative 
responses. 


Determines the number of seconds (0x0-OxFFFFFFFF) a 
primary DNS server waits for a transfer response from its 
secondary server. The default value is 0x1E (30 seconds). After 
the time-out value expires, the connection is terminated. 


Modifies the configuration of the specified zone. The zone name must be specified only for zone-level parameters. 


dnscmd /config <parameters> 


Parameters 


PARAMETERS 


<parameter> 


/aging <zonename> 


/allownsrecordsautocreation <zonename> [value] 


/allowupdate <zonename> 


/forwarderslave <zonename> 


/forwardertimeout <zonename> 


/norefreshinterval <zonename> 


/refreshinterval <zonename> 


DESCRIPTION 


Specify a setting, a Zone name, and, as an option, a value. 
Parameter values use this syntax: 


zonename parameter [value] . 


Enables or disables scavenging in a specific zone. 


Overrides the DNS server's name server (NS) resource record 
autocreation setting. Name server (NS) resource records that 
were previously registered for this zone are not affected. 
Therefore, you must remove them manually if you do not 
want them. 


Determines whether the specified zone accepts dynamic 
updates. 


Overrides the DNS server /isslave setting. 


Determines how many seconds a DNS zone waits for a 
forwarder to respond before trying another forwarder. This 
value overrides the value that is set at the server level. 


Sets a time interval for a zone during which no refreshes can 
dynamically update DNS records in a specified zone. 


Sets a time interval for a zone during which refreshes can 
dynamically update DNS records in a specified zone. 


PARAMETERS DESCRIPTION 


/securesecondaries <zonename> Determines which secondary servers can receive zone updates 
from the primary server for this zone. 


dnscmd /createbuiltindirectorypartitions command 


Creates a DNS application directory partition. When DNS is installed, an application directory partition for the 
service is created at the forest and domain levels. Use this command to create DNS application directory partitions 
that were deleted or never created. With no parameter, this command creates a built-in DNS directory partition for 


the domain. 


Syntax 


dnscmd [<servername>] /createbuiltindirectorypartitions [/forest] [/alldomains] 


Parameters 
PARAMETERS DESCRIPTION 
<servername> Specifies the DNS server to manage, represented by IP 
address, FQDN, or host name. If this parameter is omitted, the 
local server is used. 
/forest Creates a DNS directory partition for the forest. 
/alldomains Creates DNS partitions for all domains in the forest. 


dnscmd /createdirectorypartition command 


Creates a DNS application directory partition. When DNS is installed, an application directory partition for the 
service is created at the forest and domain levels. This operation creates additional DNS application directory 
partitions. 


Syntax 


dnscmd [<servername>] /createdirectorypartition <partitionFQDN> 


Parameters 
PARAMETERS DESCRIPTION 
<servername> Specifies the DNS server to manage, represented by IP 
address, FQDN, or host name. If this parameter is omitted, the 
local server is used. 
<partitionFQDN> The FQDN of the DNS application directory partition that will 


be created. 


dnscmd /deletedirectorypartition command 


Removes an existing DNS application directory partition. 


Syntax 


dnscmd [<servername>] /deletedirectorypartition <partitionFQDN> 


Parameters 
PARAMETERS DESCRIPTION 
<servername> Specifies the DNS server to manage, represented by IP 
address, FQDN, or host name. If this parameter is omitted, the 
local server is used. 
<partitionFQDN> The FQDN of the DNS application directory partition that will 


be removed. 


dnscmd /directorypartitioninfo command 
Lists information about a specified DNS application directory partition. 


Syntax 


dnscmd [<servername>] /directorypartitioninfo <partitionFQDN> [/detail] 


Parameters 
PARAMETERS DESCRIPTION 
<servername> Specifies the DNS server to manage, represented by IP 
address, FQDN, or host name. If this parameter is omitted, the 
local server is used. 
<partitionFQDN> The FQDN of the DNS application directory partition. 
/detail Lists all information about the application directory partition. 


dnscmd /enlistdirectorypartition command 


Adds the DNS server to the specified directory partition's replica set. 


Syntax 


dnscmd [<servername>] /enlistdirectorypartition <partitionFQDN> 


Parameters 
PARAMETERS DESCRIPTION 
<servername> Specifies the DNS server to manage, represented by IP 
address, FQDN, or host name. If this parameter is omitted, the 
local server is used. 
<partitionFQDN> The FQDN of the DNS application directory partition. 


dnscmd /enumdirectorypartitions command 


Lists the DNS application directory partitions for the specified server. 


Syntax 


dnscmd [<servername>] /enumdirectorypartitions [/custom] 


Parameters 


PARAMETERS 


<servername> 


/custom 


dnscmd /enumrecords command 


Lists the resource records of a specified node in a DNS zone. 


Syntax 


DESCRIPTION 


Specifies the DNS server to manage, represented by IP 
address, FQDN, or host name. If this parameter is omitted, the 
local server is used. 


Lists only user-created directory partitions. 


dnscmd [<servername>] /enumrecords <zonename> <nodename> [/type <rrtype> <rrdata>] [/authority] [/glue] 
[/additional] [/node | /child | /startchild<childname>] [/continue | /detail] 


Parameters 


PARAMETERS 


<servername> 


/enumrecords 


<zonename> 


<nodename> 


[/type <rrtype> <rrdata>] 


/authority 


/glue 


/additional 


/node 


DESCRIPTION 


Specifies the DNS server to manage, represented by IP 
address, FQDN, or host name. If this parameter is omitted, the 
local server is used. 


Lists resource records in the specified zone. 


Specifies the name of the zone to which the resource records 
belong. 


Specifies the name of the node of the resource records. 


Specifies the type of resource records to be listed and the type 
of data that is expected. Accepts the values: 
® <rrtype> - Specifies the type of resource records to 
be listed. 
e <rrdata> - Specifies the type of data that is expected 
record. 


Includes authoritative data. 


Includes glue data. 


Includes all additional information about the listed resource 
records. 


Lists only the resource records of the specified node. 


PARAMETERS DESCRIPTION 


/child Lists only the resource records of a specified child domain. 
/startchild <childname> Begins the list at the specified child domain. 
/continue Lists only the resource records with their type and data. 
/detail Lists all information about the resource records. 

Example 


dnscmd /enumrecords test.contoso.com test /additional 


dnscmd /enumzones command 


Lists the zones that exist on the specified DNS server. The enumzones parameters act as filters on the list of zones. 
If no filters are specified, a complete list of zones is returned. When a filter is specified, only the zones that meet 


that filter's criteria are included in the returned list of zones. 


Syntax 


dnscmd [<servername>] /enumzones [/primary | /secondary | /forwarder | /stub | /cache | /auto-created] 
[/forward | /reverse | /ds | /file] [/domaindirectorypartition | /forestdirectorypartition | 
/customdirectorypartition | /legacydirectorypartition | /directorypartition <partitionFQDN>] 


Parameters 
PARAMETERS DESCRIPTION 
<servername> Specifies the DNS server to manage, represented by IP 

address, FQDN, or host name. If this parameter is omitted, the 
local server is used. 

/primary Lists all zones that are either standard primary zones or active 
directory integrated zones. 

/secondary Lists all standard secondary zones. 

/forwarder Lists zones that forward unresolved queries to another DNS 
server. 

/stub Lists all stub zones. 

/cache Lists only the zones that are loaded into the cache. 

/auto-created] Lists the zones that were created automatically during the 
DNS server installation. 

/forward Lists forward lookup zones. 

/reverse Lists reverse lookup zones. 


/ds Lists active directory integrated zones. 


PARAMETERS DESCRIPTION 


/file Lists zones that are backed by files. 
/domaindirectorypartition Lists zones that are stored in the domain directory partition. 
/forestdirectorypartition Lists zones that are stored in the forest DNS application 


directory partition. 


/customdirectorypartition Lists all zones that are stored in a user-defined application 
directory partition. 


/legacydirectorypartition Lists all zones that are stored in the domain directory 
partition. 
/directorypartition <partitionFQDN> Lists all zones that are stored in the specified directory 
partition. 
Examples 


e Example 2: Display a complete list of zones on a DNS server) 


e Example 3: Display a list of autocreated zones on a DNS server 


dnscmd /exportsettings command 


Creates a text file that lists the configuration details of a DNS server. The text file is named DnsSettings.txt It is 
located in the %systemroot%\system32\dns_ directory of the server. You can use the information in the file that 
dnscmd /exportsettings creates to troubleshoot configuration problems or to ensure that you have configured 
multiple servers identically. 


Syntax 


dnscmd [<servername>] /exportsettings 


Parameters 
PARAMETERS DESCRIPTION 
<servername> Specifies the DNS server to manage, represented by IP 


address, FQDN, or host name. If this parameter is omitted, the 
local server is used. 


dnscmd /info command 


Displays settings from the DNS section of the registry of the specified server 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters . To display zone-level registry settings, use 


the dnscmd zoneinfo command. 


Syntax 
dnscmd [<servername>] /info [<settings>] 


Parameters 


PARAMETERS DESCRIPTION 


<servername> Specifies the DNS server to manage, represented by IP 
address, FQDN, or host name. If this parameter is omitted, the 
local server is used. 


<settings> Any setting that the info command returns can be specified 
individually. If a setting is not specified, a report of common 
settings is returned. 


Example 


e Example 4: Display the IsSlave setting from a DNS server 


e Example 5: Display the RecursionTimeout setting from a DNS server 


dnscmd /ipvalidate command 


Tests whether an IP address identifies a functioning DNS server or whether the DNS server can act as a forwarder, 


a root hint server, or a primary server for a specific zone. 


Syntax 
dnscmd [<servername>] /ipvalidate <context> [<zonename>] [[<IPaddress>]] 


Parameters 


PARAMETERS DESCRIPTION 


<servername> Specifies the DNS server to manage, represented by IP 
address, FQDN, or host name. If this parameter is omitted, the 
local server is used. 


<context> Specifies the type of test to perform. You can specify any of 
the following tests: 

e /dnsservers - Tests that the computers with the 
addresses that you specify are functioning DNS 
servers. 

e /forwarders - Tests that the addresses that you 
specify identify DNS servers that can act as forwarders. 

e /roothints - Tests that the addresses that you specify 
identify DNS servers that can act as root hint name 
servers. 

e /zonemasters - Tests that the addresses that you 
specify identify DNS servers that are primary servers 
for zonename. 


<zonename> Identifies the zone. Use this parameter with the 
/zonemasters parameter. 


<IPaddress> Specifies the IP addresses that the command tests. 
Examples 


nscmd dnssvri.contoso.com /ipvalidate /dnsservers 10.0.0.1 10.0.0.2 
dnscmd dnssvri.contoso.com /ipvalidate /zonemasters corp.contoso.com 10.0.0.2 


dnscmd /nodedelete command 


Deletes all records for a specified host. 


Syntax 


dnscmd [<servername>] /nodedelete <zonename> <nodename> [/tree] [/f] 


Parameters 


PARAMETERS 


<servername> 


<zonename> 
<nodename> 
/tree 


/f 


Example 


Example 6: Delete the records from a node 


dnscmd /recordadd command 


Adds a record to a specified zone in a DNS server. 


Syntax 


DESCRIPTION 


Specifies the DNS server to manage, represented by IP 
address, FQDN, or host name. If this parameter is omitted, the 
local server is used. 


Specifies the name of the zone. 


Specifies the host name of the node to delete. 


Deletes all the child records. 


Executes the command without asking for confirmation. 


dnscmd [<servername>] /recordadd <zonename> <nodename> <rrtype> <rrdata> 


Parameters 


PARAMETERS 


<servername> 


<zonename> 


<nodename> 


<rrtype> 


<rrdata> 


DESCRIPTION 


Specifies the DNS server to manage, represented by IP 
address, FQDN, or host name. If this parameter is omitted, the 
local server is used. 


Specifies the zone in which the record resides. 


Specifies a specific node in the zone. 


Specifies the type of record to be added. 


Specifies the type of data that is expected. 





NOTE 


After you add a record, make sure that you use the correct data type and data format. For a list of resource record types and 


the appropriate data types, see Dnscmd Examples. 





Examples 


dnscmd dnssvri.contoso.com /recordadd test A 10.0.0.5 


dnscmd /recordadd test.contoso.com test MX 10 mailserver.test.contoso.com 


dnscmd /recorddelete command 


Deletes a resource record to a specified zone. 


Syntax 


dnscmd [<servername>] /recorddelete <zonename> <nodename> <rrtype> <rrdata> [/f] 


Parameters 


PARAMETERS 


<servername> 


<zonename> 


<nodename> 


<rrtype> 


<rrdata> 


/f 


Examples 


DESCRIPTION 


Specifies the DNS server to manage, represented by IP 
address, FQDN, or host name. If this parameter is omitted, the 
local server is used. 


Specifies the zone in which the resource record resides. 


Specifies a name of the host. 


Specifies the type of resource record to be deleted. 


Specifies the type of data that is expected. 


Executes the command without asking for confirmation. 
Because nodes can have more than one resource record, this 
command requires you to be very specific about the type of 
resource record that you want to delete. If you specify a data 
type and you do not specify a type of resource record data, all 
records with that specific data type for the specified node are 
deleted. 


dnscmd /recorddelete test.contoso.com test MX 10 mailserver.test.contoso.com 


dnscmd /resetforwarders command 


Selects or resets the IP addresses to which the DNS server forwards DNS queries when it cannot resolve them 


locally. 


Syntax 


dnscmd [<servername>] /resetforwarders <IPaddress> [,<IPaddress>]...][/timeout <timeout>] [/slave | /noslave] 


Parameters 


PARAMETERS DESCRIPTION 


<servername> Specifies the DNS server to manage, represented by IP 
address, FQDN, or host name. If this parameter is omitted, the 
local server is used. 


<IPaddress> Lists the IP addresses to which the DNS server forwards 
unresolved queries. 


/timeout <timeout> Sets the number of seconds that the DNS server waits for a 
response from the forwarder. By default, this value is five 
seconds. 


/slave Prevents the DNS server from performing its own iterative 
queries if the forwarder fails to resolve a query. 


/noslave Allows the DNS server to perform its own iterative queries if 
the forwarder fails to resolve a query. This is the default 
setting. 


/f Executes the command without asking for confirmation. 
Because nodes can have more than one resource record, this 
command requires you to be very specific about the type of 
resource record that you want to delete. If you specify a data 
type and you do not specify a type of resource record data, all 
records with that specific data type for the specified node are 
deleted. 


Remarks 


e By default, a DNS server performs iterative queries when it cannot resolve a query. 


e Setting IP addresses by using the resetforwarders command causes the DNS server to perform recursive 
queries to the DNS servers at the specified IP addresses. If the forwarders don't resolve the query, the DNS 
server can then perform its own iterative queries. 


e Ifthe /slave parameter is used, the DNS server does not perform its own iterative queries. This means that 
the DNS server forwards unresolved queries only to the DNS servers in the list, and it does not attempt 
iterative queries if the forwarders do not resolve them. It is more efficient to set one IP address as a 
forwarder for a DNS server. You can use the resetforwarders command for internal servers in a network 


to forward their unresolved queries to one DNS server that has an external connection. 


e Listing a forwarder's IP address twice causes the DNS server to attempt to forward to that server twice. 


Examples 


dnscmd dnssvri.contoso.com /resetforwarders 10.0.0.1 /timeout 7 /slave 
dnscmd dnssvri.contoso.com /resetforwarders /noslave 


dnscmd /resetlistenaddresses command 


Specifies the IP addresses on a server that listens for DNS client requests. By default, all IP addresses on a DNS 
server listen for client DNS requests. 


Syntax 


dnscmd [<servername>] /resetlistenaddresses <listenaddress> 


Parameters 
PARAMETERS DESCRIPTION 
<servername> Specifies the DNS server to manage, represented by IP 
address, FQDN, or host name. If this parameter is omitted, the 
local server is used. 
<listenaddress> Specifies an IP address on the DNS server that listens for DNS 
client requests. If no listen address is specified, all IP addresses 
on the server listen for client requests. 
Examples 


dnscmd dnssvri.contoso.com /resetlistenaddresses 10.0.0.1 


dnscmd /startscavenging command 


Tells a DNS server to attempt an immediate search for stale resource records in a specified DNS server. 


Syntax 


dnscmd [<servername>] /startscavenging 


Parameters 
PARAMETERS DESCRIPTION 
<servername> Specifies the DNS server to manage, represented by IP 
address, FQDN, or host name. If this parameter is omitted, the 
local server is used. 
Remarks 
e Successful completion of this command starts a scavenge immediately. If the scavenge fails, no warning 


message appears. 


Although the command to start the scavenge appears to complete successfully, the scavenge does not start 
unless the following preconditions are met: 


© Scavenging is enabled for both the server and the zone. 
o The zone is started. 
o The resource records have a time stamp. 


For information about how to enable scavenging for the server, see the scavenginginterval parameter 
under Server-level syntax in the /config section. 


For information about how to enable scavenging for the zone, see the aging parameter under Zone-level 
syntax in the /config section. 


For information about how to restart a paused zone, see the zoneresume parameter in this article. 


For information about how to check resource records for a time stamp, see the ageallrecords parameter in 


this article. 


Examples 


dnscmd dnssvri.contoso.com /startscavenging 


dnscmd /statistics command 


Displays or clears data for a specified DNS server. 


Syntax 
dnscmd [<servername>] /statistics [<statid>] [/clear] 


Parameters 


PARAMETERS 


<servername> 


<statid> 


Examples 


e@ Example 7: 


e Example 8: Display NbstatMem statistics for a DNS server 


DESCRIPTION 


Specifies the DNS server to manage, represented by IP 
address, FQDN, or host name. If this parameter is omitted, the 
local server is used. 


Specifies which statistic or combination of statistics to display. 
The statistics command displays counters that begin on the 
DNS server when it is started or resumed. An identification 
number is used to identify a statistic. If no statistic ID number 
is specified, all statistics display. The numbers that can be 
specified, along with the corresponding statistic that displays, 
can include: 

e 00000001 - Time 

e 00000002 - Query 

e 00000004 - Query2 

© 00000008 - Recurse 

e 00000010 - Master 

© 00000020 - Secondary 

e 00000040 - WINS 

e 00000100 - Update 

e 00000200 - SkwanSec 

e 00000400 - Ds 

e 00010000 - Memory 

e 00100000 - PacketMem 

e 00040000 - Dbase 

e 00080000 - Records 

e 00200000 - NbstatMem 

e /clear - Resets the specified statistics counter to zero. 


dnscmd /unenlistdirectorypartition command 


Removes the DNS server from the specified directory partition's replica set. 


Syntax 


dnscmd [<servername>] /unenlistdirectorypartition <partitionFQDN> 


Parameters 
PARAMETERS DESCRIPTION 
<servername> Specifies the DNS server to manage, represented by IP 
address, FQDN, or host name. If this parameter is omitted, the 
local server is used. 
<partitionFQDN> The FQDN of the DNS application directory partition that will 


be removed. 


dnscmd /writebackfiles command 


Checks the DNS server memory for changes, and writes them to persistent storage. The writebackfiles command 
updates all dirty zones or a specified zone. A zone is dirty when there are changes in memory that haven't yet been 
written to persistent storage. This is a server-level operation that checks all zones. You can specify one zone in this 
operation or you can use the zonewriteback operation. 


Syntax 


dnscmd [<servername>] /writebackfiles <zonename> 


Parameters 
PARAMETERS DESCRIPTION 
<servername> Specifies the DNS server to manage, represented by IP 
address, FQDN, or host name. If this parameter is omitted, the 
local server is used. 
<zonename> Specifies the name of the zone to be updated. 
Examples 


dnscmd dnssvri.contoso.com /writebackfiles 


dnscmd /zoneadd command 


Adds a zone to the DNS server. 


Syntax 


dnscmd [<servername>] /zoneadd <zonename> <zonetype> [/dp <FQDN> | {/domain | enterprise | legacy}] 


Parameters 
PARAMETERS DESCRIPTION 
<servername> Specifies the DNS server to manage, represented by IP 


address, FQDN, or host name. If this parameter is omitted, the 
local server is used. 


PARAMETERS 


<zonename> 


<zonetype> 


<FQDN> 


/domain 


/enterprise 


/legacy 


Examples 


DESCRIPTION 


Specifies the name of the zone. 


Specifies the type of zone to create. Specifying a zone type of 
/forwarder or /dsforwarder creates a zone that performs 
conditional forwarding. Each zone type has different required 
parameters: 


/dsprimary - Creates an active directory integrated 
zone. 
/primary /file <filename> - Creates a standard 
primary zone, and specifies the name of the file that 
will store the zone information. 
/secondary 

<masterIPaddress> [<masterIPaddress>...] - 
Creates a standard secondary zone. 
/stub <masterIPaddress> [<masterIPaddress>...] 
/file <filename> - Creates a file-backed stub zone. 
/dsstub 

<masterIPaddress> [<masterIPaddress>...] - 
Creates an active directory integrated stub zone. 
/forwarder 

<masterIPaddress> [<masterIPaddress>] ... /file 

<filename> - Specifies that the created zone 
forwards unresolved queries to another DNS server. 
/dsforwarder - Specifies that the created active 
directory integrated zone forwards unresolved queries 
to another DNS server. 


Specifies FQDN of the directory partition. 


Stores the zone on the domain directory partition. 


Stores the zone on the enterprise directory partition. 


Stores the zone on a legacy directory partition. 


dnscmd dnssvri.contoso.com /zoneadd test.contoso.com /dsprimary 


dnscmd dnssvri.contoso.com /zoneadd secondtest.contoso.com /secondary 10.0.0.2 


dnscmd /zonechangedirectorypartition command 


Changes the directory partition on which the specified zone resides. 


Syntax 


dnscmd [<servername>] /zonechangedirectorypartition <zonename> {[<newpartitionname>] | [<zonetype>]} 


Parameters 


PARAMETERS 


DESCRIPTION 


PARAMETERS DESCRIPTION 


<servername> Specifies the DNS server to manage, represented by IP 
address, FQDN, or host name. If this parameter is omitted, the 
local server is used. 


<zonename> The FQDN of the current directory partition on which the 
zone resides. 


<newpartitionname> The FQDN of the directory partition that the zone will be 
moved to. 
<zonetype> Specifies the type of directory partition that the zone will be 
moved to. 
/domain Moves the zone to the built-in domain directory partition. 
/forest Moves the zone to the built-in forest directory partition. 
/legacy Moves the zone to the directory partition that is created for 


pre active directory domain controllers. These directory 
partitions are not necessary for native mode. 


dnscmd /zonedelete command 


Deletes a specified zone. 


Syntax 


dnscmd [<servername>] /zonedelete <zonename> [/dsdel] [/f] 


Parameters 
PARAMETERS DESCRIPTION 
<servername> Specifies the DNS server to manage, represented by IP 
address, FQDN, or host name. If this parameter is omitted, the 
local server is used. 
<zonename> Specifies the name of the zone to be deleted. 
/dsdel Deletes the zone from Azure Directory Domain Services (AD 
DS). 
/f Runs the command without asking for confirmation. 
Examples 


e Example 9: Delete a zone from a DNS server 


dnscmd /zoneexport command 


Creates a text file that lists the resource records of a specified zone. The zoneexport operation creates a file of 
resource records for an active directory integrated zone for troubleshooting purposes. By default, the file that this 
command creates is placed in the DNS directory, which is by default the %systemroot%/System32/Dns directory. 


Syntax 


dnscmd [<servername>] /zoneexport <zonename> <zoneexportfile> 


Parameters 
PARAMETERS DESCRIPTION 
<servername> Specifies the DNS server to manage, represented by IP 
address, FQDN, or host name. If this parameter is omitted, the 
local server is used. 
<zonename> Specifies the name of the zone. 
<zoneexportfile> Specifies the name of the file to create. 
Examples 


e Example 10: Export zone resource records list to a file 


dnscmd /zoneinfo 


Displays settings from the section of the registry of the specified zone: 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters \Zones\<zonename> 


Syntax 


dnscmd [<servername>] /zoneinfo <zonename> [<setting>] 


Parameters 
PARAMETERS DESCRIPTION 
<servername> Specifies the DNS server to manage, represented by IP 
address, FQDN, or host name. If this parameter is omitted, the 
local server is used. 
<zonename> Specifies the name of the zone. 
<setting> You can individually specify any setting that the zoneinfo 
command returns. If you don't specify a setting, all settings 
are returned. 
Remarks 


e To display server-level registry settings, use the /info command. 


e To see a list of settings that you can display with this command, see the /config command. 


Examples 


e Example 11: Display Refreshinterval setting from the registry 


e Example 12: Display Aging setting from the registry 


dnscmd /zonepause command 
Pauses the specified zone, which then ignores query requests. 


Syntax 


dnscmd [<servername>] /zonepause <zonename> 


Parameters 
PARAMETERS DESCRIPTION 
<servername> Specifies the DNS server to manage, represented by IP 
address, FQDN, or host name. If this parameter is omitted, the 
local server is used. 
<zonename> Specifies the name of the zone to be paused. 
Remarks 


e To resume a zone and make it available after it has been paused, use the /zoneresume command. 


Examples 


dnscmd dnssvri1.contoso.com /zonepause test.contoso.com 


dnscmd /zoneprint command 
Lists the records in a zone. 


Syntax 


dnscmd [<servername>] /zoneprint <zonename> 


Parameters 
PARAMETERS DESCRIPTION 
<servername> Specifies the DNS server to manage, represented by IP 
address, FQDN, or host name. If this parameter is omitted, the 
local server is used. 
<zonename> Specifies the name of the zone to be listed. 


dnscmd /zonerefresh command 


Forces a secondary DNS zone to update from the master zone. 


Syntax 


dnscmd [<servername>] /zonerefresh <zonename> 


Parameters 
PARAMETERS DESCRIPTION 
<servername> Specifies the DNS server to manage, represented by IP 


address, FQDN, or host name. If this parameter is omitted, the 
local server is used. 


<zonename> Specifies the name of the zone to be refreshed. 


Remarks 

e Thezonerefresh command forces a check of the version number in the primary server s start of authority 
(SOA) resource record. If the version number on the primary server is higher than the secondary server's 
version number, a zone transfer is initiated that updates the secondary server. If the version number is the 
same, no zone transfer occurs. 


e The forced check occurs by default every 15 minutes. To change the default, use the 


dnscmd config refreshinterval command. 


Examples 


dnscmd dnssvri.contoso.com /zonerefresh test.contoso.com 


dnscmd /zonereload command 


Copies zone information from its source. 


Syntax 


dnscmd [<servername>] /zonereload <zonename> 


Parameters 
PARAMETERS DESCRIPTION 
<servername> Specifies the DNS server to manage, represented by IP 
address, FQDN, or host name. If this parameter is omitted, the 
local server is used. 
<zonename> Specifies the name of the zone to be reloaded. 
Remarks 


e Ifthe zone is active directory integrated, it reloads from Active Directory Domain Services (AD DS). 


e |f the zone is a standard file-backed zone, it reloads from a file. 


Examples 


dnscmd dnssvri.contoso.com /zonereload test.contoso.com 


dnscmd /zoneresetmasters command 
Resets the IP addresses of the primary server that provides zone transfer information to a secondary zone. 


Syntax 


dnscmd [<servername>] /zoneresetmasters <zonename> [/local] [<IPaddress> [<IPaddress>]...] 


Parameters 
PARAMETERS DESCRIPTION 
<servername> Specifies the DNS server to manage, represented by IP 


address, FQDN, or host name. If this parameter is omitted, the 
local server is used. 


PARAMETERS 


<zonename> 


/local 


<IPaddress> 


Remarks 


DESCRIPTION 


Specifies the name of the zone to be reset. 


Sets a local master list. This parameter is used for active 
directory integrated zones. 


The IP addresses of the primary servers of the secondary 
zone. 


e This value is originally set when the secondary zone is created. Use the zoneresetmasters command on the 


secondary server. This value has no effect if it is set on the master DNS server. 


Examples 


dnscmd dnssvri.contoso.com /zoneresetmasters test.contoso.com 10.0.0.1 


dnscmd dnssvri.contoso.com /zoneresetmasters test.contoso.com /local 


dnscmd /zoneresetscavengeservers command 


Changes the IP addresses of the servers that can scavenge the specified zone. 


Syntax 


dnscmd [<servername>] /zoneresetscavengeservers <zonename> [/local] [<IPaddress> [<IPaddress>]...] 


Parameters 


PARAMETERS 


<servername> 


<zonename> 


/local 


<IPaddress> 


Remarks 


DESCRIPTION 


Specifies the DNS server to manage, represented by IP 
address, FQDN, or host name. If this parameter is omitted, the 
local server is used. 


Specifies the zone to scavenge. 


Sets a local master list. This parameter is used for active 
directory integrated zones. 


Lists the IP addresses of the servers that can perform the 
scavenge. If this parameter is omitted, all servers that host 
this zone can scavenge it. 


e By default, all servers that host a zone can scavenge that zone. 


e If azoneis hosted on more than one DNS server, you can use this command to reduce the number of times 


a zone is scavenged. 


e Scavenging must be enabled on the DNS server and zone that is affected by this command. 


Examples 


dnscmd dnssvr1.contoso.com /zoneresetscavengeservers test.contoso.com 10.0.0.1 10.0.0.2 


dnscmd /zoneresetsecondaries command 


Specifies a list of IP addresses of secondary servers to which a primary server responds when it is asked for a zone 


transfer. 


Syntax 


dnscmd [<servername>] /zoneresetsecondaries <zonename> {/noxfr | /nonsecure | /securens | /securelist 


<securityIPaddresses>} {/nonotify | /notify | /notifylist <notifyIPaddresses>} 


Parameters 


PARAMETERS 


<servername> 


<zonename> 


/local 


/noxfr 


/nonsecure 


/securens 


/securelist 


<securityIPaddresses> 


/nonotify 


/notify 


/notifylist 


<notifyIPaddresses> 


Remarks 


DESCRIPTION 


Specifies the DNS server to manage, represented by IP 
address, FQDN, or host name. If this parameter is omitted, the 
local server is used. 


Specifies the name of the zone that will have its secondary 
servers reset. 


Sets a local master list. This parameter is used for active 
directory integrated zones. 


Specifies that no zone transfers are allowed. 


Specifies that all zone transfer requests are granted. 


Specifies that only the server that is listed in the name server 
(NS) resource record for the zone is granted a transfer. 


Specifies that zone transfers are granted only to the list of 
servers. This parameter must be followed by an IP address or 
addresses that the primary server uses. 


Lists the IP addresses that receive zone transfers from the 
primary server. This parameter is used only with the 
/securelist parameter. 


Specifies that no change notifications are sent to secondary 
servers. 


Specifies that change notifications are sent to all secondary 
servers. 


Specifies that change notifications are sent to only the list of 
servers. This command must be followed by an IP address or 
addresses that the primary server uses. 


Specifies the IP address or addresses of the secondary server 
or servers to which change notifications are sent. This list is 
used only with the /notifylist parameter. 


e Use the zoneresetsecondaries command on the primary server to specify how it responds to zone transfer 


requests from secondary servers. 


Examples 


dnscmd dnssvri.contoso.com /zoneresetsecondaries test.contoso.com /noxfr /nonotify 


dnscmd dnssvri.contoso.com /zoneresetsecondaries test.contoso.com /securelist 11.0.0.2 


dnscmd /zoneresettype command 


Changes the type of the zone. 


Syntax 


dnscmd [<servername>] /zoneresettype <zonename> <zonetype> [/overwrite_mem | /overwrite_ds] 


Parameters 


PARAMETERS 


<servername> 


<zonename> 


<zonetype> 


/overwrite_mem 


/overwrite_ds 


Remarks 


DESCRIPTION 


Specifies the DNS server to manage, represented by IP 
address, FQDN, or host name. If this parameter is omitted, the 
local server is used. 


Identifies the zone on which the type will be changed. 


Specifies the type of zone to create. Each type has different 


required parameters, including: 


/dsprimary - Creates an active directory integrated 
zone. 


/primary /file <filename> - Creates a standard 
primary zone. 
/secondary 
<masterIPaddress> [,<masterIPaddress>...] - 
Creates a standard secondary zone. 
/stub <masterIPaddress>[,<masterIPaddress>...] 
/file <filename> - Creates a file-backed stub zone. 
/dsstub 
<masterIPaddress>[,<masterIPaddress>...] - 
Creates an active directory integrated stub zone. 
/forwarder 
<masterIPaddress[,<masterIPaddress>] ... /file 
<filename> - Specifies that the created zone 
forwards unresolved queries to another DNS server. 
/dsforwarder - Specifies that the created active 
directory integrated zone forwards unresolved queries 
to another DNS server. 


Overwrites DNS data from data in AD DS. 


Overwrites existing data in AD DS. 


e Setting the zone type as /dsforwarder creates a zone that performs conditional forwarding. 


Examples 


dnscmd dnssvr1.contoso.com /zoneresettype test.contoso.com /primary /file test.contoso.com.dns 


dnscmd dnssvr1.contoso.com /zoneresettype second.contoso.com /secondary 10.0.0.2 


dnscmd /zoneresume command 


Starts a specified zone that was previously paused. 


Syntax 


dnscmd [<servername>] /zoneresume <zonename> 


Parameters 
PARAMETERS DESCRIPTION 
<servername> Specifies the DNS server to manage, represented by IP 
address, FQDN, or host name. If this parameter is omitted, the 
local server is used. 
<zonename> Specifies the name of the zone to resume. 
Remarks 


e You can use this operation to restart from the /zonepause operation. 


Examples 


dnscmd dnssvri.contoso.com /zoneresume test.contoso.com 


dnscmd /zoneupdatefromds command 


Updates the specified active directory integrated zone from AD DS. 


Syntax 


dnscmd [<servername>] /zoneupdatefromds <zonename> 


Parameters 
PARAMETERS DESCRIPTION 
<servername> Specifies the DNS server to manage, represented by IP 
address, FQDN, or host name. If this parameter is omitted, the 
local server is used. 
<zonename> Specifies the name of the zone to update. 
Remarks 


e Active directory integrated zones perform this update by default every five minutes. To change this parameter, 
use the dnscmd config dspollinginterval command. 


Examples 


dnscmd dnssvri.contoso.com /zoneupdatefromds 


dnscmd /zonewriteback command 


Checks DNS server memory for changes that are relevant to a specified zone, and writes them to persistent 
storage. 


Syntax 


dnscmd [<servername>] /zonewriteback <zonename> 


Parameters 


PARAMETERS 


<servername> 


<zonename> 


Remarks 


DESCRIPTION 


Specifies the DNS server to manage, represented by IP 
address, FQDN, or host name. If this parameter is omitted, the 
local server is used. 


Specifies the name of the zone to update. 


@ This is a zone-level operation. You can update all zones on a DNS server by using the /writebackfiles 


operation. 


Examples 


dnscmd dnssvri.contoso.com /zonewriteback test.contoso.com 


Additional References 


e Command-Line Syntax Key 


doskey 


11/2/2020 * 8 minutes to read * Edit Online 





Calls Doskey.exe, which recalls previously entered command-line commands, edits command lines, and creates 


macros. 


Syntax 


doskey [/reinstall] [/listsize=<size>] [/macros:[all | <exename>] [/history] [/insert | /overstrike] 


[/exename=<exename>] [/macrofile=<filename>] [<macroname>=[<text>] ] 


Parameters 


PARAMETER 


/reinstall 


/listsize= <size> 


/macros 


/macrosi:all 


/macros: <exename> 


/history 


/insert 


/overstrike 


/exename= <exename> 


/macrofile= <filename> 


<macroname> =[ <text> ] 


L 


DESCRIPTION 


Installs a new copy of Doskey.exe and clears the command 
history buffer. 


Specifies the maximum number of commands in the history 
buffer. 


Displays a list of all doskey macros. You can use the 
redirection symbol ( > ) with /macros to redirect the list to a 
file. You can abbreviate /macros to /m. 


Displays doskey macros for all executables. 


Displays doskey macros for the executable specified by 
exename. 


Displays all commands that are stored in memory. You can use 
the redirection symbol ( > ) with /history to redirect the list 
to a file. You can abbreviate /history as /h. 


Specifies that new text you type is inserted in old text. 


Specifies that new text overwrites old text. 


Specifies the program (that is, executable) in which the 
doskey macro runs. 


Specifies a file that contains the macros that you want to 
install. 


Creates a macro that carries out the commands specified by 
Text. MacroName specifies the name you want to assign to the 
macro. Text specifies the commands you want to record. If Text 
is left blank, MacroName is cleared of any assigned 
commands. 


Displays help at the command prompt. 


Remarks 

e Certain character-based, interactive programs, such as program debuggers or file transfer programs (FTP) 
automatically use Doskey.exe. To use Doskey.exe, a program must be a console process and use buffered 
input. Program key assignments override doskey key assignments. For example, if the program uses the F7 
key for a function, you cannot get adoskey command history in a pop-up window. 


e You can use Doskey.exe to edit the current command line, but you can't use the command-line options from 
a program's command prompt. You must run doskey command-line options before you start a program. If 
you use Doskey.exe within a program, that program's key assignments take precedence and some 
Doskey.exe editing keys might not work. 


e With Doskey.exe, you can maintain a command history for each program that you start or repeat. You can 
edit previous commands at the program's prompt, and start doskey macros created for the program. If you 
exit and then restart a program from the same Command Prompt window, the command history from the 


previous program session is available. 


e To recall a command, you can use any of the following keys after you start Doskey.exe: 


KEY DESCRIPTION 

UP ARROW Recalls the command that you used before the one that is 
displayed. 

DOWN ARROW Recalls the command that you used after the one that is 
displayed. 

PAGE UP Recalls the first command that you used in the current 
session. 

PAGE DOWN Recalls the most recent command that you used in the 


current session. 


e The following table lists doskey editing keys and their functions: 


KEY OR KEY COMBINATION DESCRIPTION 

LEFT ARROW Moves the insertion point back one character. 

RIGHT ARROW Moves the insertion point forward one character. 
CTRL+LEFT ARROW Moves the insertion point back one word. 

CTRL+RIGHT ARROW Moves the insertion point forward one word. 

HOME Moves the insertion point to the beginning of the line. 
END Moves the insertion point to the end of the line. 

ESC Clears the command from the display. 

F1 Copies one character from a column in the template to the 


same column in the Command Prompt window. (The 
template is a memory buffer that holds the last command 
you typed.) 


KEY OR KEY COMBINATION 


F2 


F3 


F4 


F5 


F6 


F7 


ALT+F7 


F8 


F9 


ALT+F10 


DESCRIPTION 


Searches forward in the template for the next key that you 
type after you press F2. Doskey.exe inserts the text from 
the template—up to, but not including, the character you 


specify. 


Copies the remainder of the template to the command 
line. Doskey.exe begins copying characters from the 
position in the template that corresponds to the position 
indicated by the insertion point on the command line. 


Deletes all characters from the current insertion point 
position up to, but not including, the next occurrence of 
the character that you type after you press F4. 


Copies the template into the current command line. 


Places an end-of-file character (CTRL+Z) at the current 
insertion point position. 


Displays (in a dialog box) all commands for this program 
that are stored in memory. Use the UP ARROW key and 
the DOWN ARROW key to select the command you want, 
and press ENTER to run the command. You can also note 
the sequential number in front of the command and use 
this number in conjunction with the F9 key. 


Deletes all commands stored in memory for the current 
history buffer. 


Displays all commands in the history buffer that start with 
the characters in the current command. 


Prompts you for a history buffer command number, and 
then displays the command associated with the number 
that you specify. Press ENTER to run the command. To 
display all the numbers and their associated commands, 
press F7. 


Deletes all macro definitions. 


If you press the INSERT key, you can type text on the doskey command line in the midst of existing text 


without replacing the text. However, after you press ENTER, Doskey.exe returns your keyboard to Replace 


mode. You must press INSERT again to return to Insert mode. 


The insertion point changes shape when you use the INSERT key to change from one mode to the other. 


If you want to customize how Doskey.exe works with a program and create doskey macros for that 


program, you can create a batch program that modifies Doskey.exe and starts the program. 


You can use Doskey.exe to create macros that carry out one or more commands. The following table lists 


special characters that you can use to control command operations when you define a macro. 


CHARACTER 


DESCRIPTION 


CHARACTER DESCRIPTION 


$G or $g Redirects output. Use either of these special characters to 
send output to a device or a file instead of to the screen. 
This character is equivalent to the redirection symbol for 
output ( > ). 


$G$G Or $g$g Appends output to the end of a file. Use either of these 
double characters to append output to an existing file 
instead of replacing the data in the file. These double 
characters are equivalent to the append redirection 
symbol for output ( >> ). 


$L or $1 Redirects input. Use either of these special characters to 
read input from a device or a file instead of from the 
keyboard. This character is equivalent to the redirection 
symbol for input ( < ). 


$B or $b Sends macro output to a command. These special 
characters are equivalent to using the pipe ( and *. 


$T |or | $t Separates commands. Use either of these special 
characters to separate commands when you create macros 
or type commands on the doskey command line. These 
special characters are equivalent to using the ampersand ( 
& ) on a command line. 


$$ Specifies the dollar-sign character ( $ ). 


$1 through $9 Represent any command-line information you want to 
specify when you run the macro. The special characters 
$1 through $9 are batch parameters that enable you 
to use different data on the command line each time you 
run the macro. The $1 character in a doskey command 
is similar to the %1 character in a batch program. 


$* Represents all the command-line information that you 
want to specify when you type the macro name. The 
special character $* is a replaceable parameter that is 
similar to the batch parameters $1 through $9 , with 


one important difference: everything you type on the 
command line after the macro name is substituted for the 
$* in the macro. 


e To run a macro, type the macro name at the command prompt, starting at the first position. If the macro was 
defined with $* or any of the batch parameters $1 through $9 , use a space to separate the parameters. 


You cannot run a doskey macro from a batch program. 


e If you always use a particular command with specific command-line options, you can create a macro that 
has the same name as the command. To specify whether you want to run the macro or the command, follow 
these guidelines: 


o Torun the macro, type the macro name at the command prompt. Do not add a space before the 


macro name. 


o To run the command, insert one or more spaces at the command prompt, and then type the 


command name. 


Examples 


The /macros and /history command-line options are useful for creating batch programs to save macros and 


commands. For example, to store all current doskey macros, type: 


doskey /macros > macinit 


To use the macros stored in Macinit, type: 


doskey /macrofile=macinit 


To create a batch program named Tmp.bat that contains recently used commands, type: 


doskey /history> tmp.bat 


To define a macro with multiple commands, use $t to separate commands, as follows: 


doskey tx=cd temp$tdir/w $* 


In the preceding example, the TX macro changes the current directory to Temp and then displays a directory listing 
in wide display format. You can use $* atthe end of the macro to append other command-line options to dir 


when you run the tx option. 


The following macro uses a batch parameter for a new directory name: 


doskey mc=md $1$tcd $1 


The macro creates a new directory and then changes to the new directory from the current directory. 


To use the preceding macro to create and change to a directory named Books, type: 


mc books 


To create a doskey macro for a program called Ftp.exe, include /exename as follows: 


doskey /exename=ftp.exe go=open 172.27.1.100$tmget *.TXT c:\reports$tbye 


To use the preceding macro, start FTP. At the FTP prompt, type: 


go 


FTP runs the open, mget, and bye commands. 


To create a macro that quickly and unconditionally formats a disk, type: 


doskey qf=format $1 /q /u 


To quickly and unconditionally format a disk in drive A, type: 


af a: 


To delete a macro called v/ist, type: 


doskey vlist = 


Additional References 


e Command-Line Syntax Key 


driverquery 
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Enables an administrator to display a list of installed device drivers and their properties. If used without 


parameters, driverquery runs on the local computer. 


Syntax 


driverquery [/s <system> [/u [<domain>\]<username> [/p <password>]]] [/fo {table | list | csv}] [/nh] [/v | 


/si] 


Parameters 


PARAMETER 


/S <system> 


/u [<domain>]<username> 


/P <password> 


/fo table 


/fo list 


/fo csv 


/nh 


N 


/si 


ft 


Examples 


DESCRIPTION 


Specifies the name or IP address of a remote computer. Do 
not use backslashes. The default is the local computer. 


Runs the command with the credentials of the user account as 
specified by user or domain\user. By default, 4s uses the 
credentials of the user who is currently logged on to the 
computer that is issuing the command. /u can't be used 
unless /s is specified. 


Specifies the password of the user account that is specified in 
the /u parameter. /p cannot be used unless /u is specified. 


Formats the output as a table. This is the default. 


Formats the output as a list. 


Formats the output with comma-separated values. 


Omits the header row from the displayed driver information. 
Not valid if the /fo parameter is set to list. 


Displays verbose output. /v is not valid for signed drivers. 


Provides information about signed drivers. 


Displays help at the command prompt. 


To display a list of installed device drivers on the local computer, type: 


driverquery 


To display the output in a comma-separated values (CSV) format, type: 


driverquery /fo csv 
To hide the header row in the output, type: 
driverquery /nh 


To use the driverquery command on a remote server named server? using your current credentials on the local 


computer, type: 
driverquery /s server1 


To use the driverquery command on a remote server named server7 using the credentials for user7 on the 


domain maindom, type: 


driverquery /s server1 /u maindom\user1 /p p@ssw3d 


Additional References 


e Command-Line Syntax Key 


echo 
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Displays messages or turns on or off the command echoing feature. If used without parameters, echo displays the 
current echo setting. 


Syntax 


echo [<message>] 
echo [on | off] 


Parameters 
PARAMETER DESCRIPTION 
[on | off] Turns on or off the command echoing feature. Command 
echoing is on by default. 
<message> Specifies the text to display on the screen. 
/? Displays help at the command prompt. 
Remarks 


e The echo <message» command is particularly useful when echo is turned off. To display a message that is 
several lines long without displaying any commands, you can include several echo <message> Commands 


after the echo off command in your batch program. 


e After echo is turned off, the command prompt doesn't appear in the Command Prompt window. To display 
the command prompt, type echo on. 


e |f used in a batch file, echo on and echo off don't affect the setting at the command prompt. 


e To prevent echoing a particular command in a batch file, insert an @ sign in front of the command. To 
prevent echoing all commands in a batch file, include the echo off command at the beginning of the file. 


e To display a pipe ( | ) or redirection character (< or > ) when you are using echo, use a caret ( * ) 
immediately before the pipe or redirection character. For example, *| , *>,or *< ). To display a caret, type 
two carets in succession ( ** ). 


Examples 


To display the current echo setting, type: 


echo 


To echo a blank line on the screen, type: 


echo. 





NOTE 


Don't include a space before the period. Otherwise, the period appears instead of a blank line. 





To prevent echoing commands at the command prompt, type: 


echo off 


NOTE 


When echo is turned off the command prompt doesn't appear in the Command Prompt window. To display the command 


prompt again, type echo on. 





To prevent all commands in a batch file (including the echo off command) from displaying on the screen, on the 
first line of the batch file type: 


@echo off 


You can use the echo command as part of an if statement. For example, to search the current directory for any file 
with the .rpt file name extension, and to echo a message if such a file is found, type: 


if exist *.rpt echo The report has arrived. 


The following batch file searches the current directory for files with the txt file name extension, and displays a 
message indicating the results of the search: 


@echo off 
if not exist *.txt ( 
echo This directory contains no text files. 
) else ( 
echo This directory contains the following text files: 
echo. 
din /bi*. txt 
) 


If no txt files are found when the batch file is run, the following message displays: 


This directory contains no text files. 


If txt files are found when the batch file is run the following output displays (for this example, assume the files 
File1 txt, File2.txt, and File3.txt exist): 


This directory contains the following text files: 
Filen. txt 
File2.txt 
File3.txt 


Additional References 


e Command-Line Syntax Key 


edit 
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Starts the MS-DOS Editor, which creates and changes ASCII text files. 


Syntax 


edit [/b] [/h] [/r] [/s] [/<nnn>] [[<drive>:][<path>]<filename> [<filename2> [...]] 


Parameters 
PARAMETER DESCRIPTION 
[<drive>:][<path>]<filename> [<filename2> [...]] Specifies the location and name of one or more ASCII text files. 
If the file doens't exist, MS-DOS Editor creates it. If the file 
exists, MS-DOS Editor opens it and displays its contents on 
the screen. The filename option can contain wildcard 
characters (* and ?). Separate multiple file names with spaces. 
/b Forces monochrome mode, so that MS-DOS Editor displays in 
black and white. 
/h Displays the maximum number of lines possible for the 
current monitor. 
fr Loads file(s) in read-only mode. 
/s Forces the use of short filenames. 
<nnn> Loads binary file(s), wrapping lines to nnn characters wide. 
/? Displays help at the command prompt. 
Remarks 


e For additional help, open MS-DOS Editor, and then press the F1 key. 


e Some monitors don't support the display of shortcut keys by default. If your monitor doesn't display 
shortcut keys, use /b. 


Examples 


To open MS-DOS Editor, type: 


edit 


To create and edit a file named newtextfile.txt in the current directory, type: 


edit newtextfile.txt 


Additional References 


e Command-Line Syntax Key 


endlocal 
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Ends localization of environment changes in a batch file, and restores environment variables to their values before 
the corresponding setlocal command was run. 


Syntax 


endlocal 
Parameters 
PARAMETER DESCRIPTION 
/? Displays help at the command prompt. 
Remarks 


e Theendlocal command has no effect outside a script or batch file. 


e There is an implicit endlocal command at the end of a batch file. 


e |f command extensions are enabled (command extensions are enabled by default), the endlocal command 
restores the state of command extensions (that is, enabled or disabled) to what it was before the 
corresponding setlocal command was run. 





NOTE 


For more information about enabling and disabling command extensions, see the Cmd command. 





Examples 


You can localize environment variables in a batch file. For example, the following program starts the superapp 
batch program on the network, directs the output to a file, and displays the file in Notepad: 


@echo off 

setlocal 

path=g: \programs\superapp; path 
call superapp>c:\superapp.out 
endlocal 

start notepad c:\superapp.out 


Additional References 


e Command-Line Syntax Key 


end restore 
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Ends a restore session and issues a PostRestore event to involved writers. 


Syntax 





end restore 





Additional References 


e Command-Line Syntax Key 


erase 
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Deletes one or more files. If you use erase to delete a file from your disk, you can't retrieve it. 





NOTE 


This command is the same as the del command. 





Syntax 


erase [/p] [/f] [/s] [/q] [/a[:]<attributes>] <names> 
del [/p] [/f] [/s] [/q] [/a[:]<attributes>] <names> 


Parameters 
PARAMETER DESCRIPTION 
<names> Specifies a list of one or more files or directories. Wildcards 
may be used to delete multiple files. If a directory is specified, 
all files within the directory will be deleted. 

/p Prompts for confirmation before deleting the specified file. 

/f Forces deletion of read-only files. 

/s Deletes specified files from the current directory and all 
subdirectories. Displays the names of the files as they are 
being deleted. 

/q Specifies quiet mode. You are not prompted for delete 
confirmation. 

/a[:] <attributes»> Deletes files based on the following file attributes: 

e r Read-only files 
e h Hidden files 
e ji Not content indexed files 
e s System files 
e a Files ready for archiving 
e | Reparse points 
e - Used as a prefix meaning ‘not’ 
/? Displays help at the command prompt. 
Remarks 


e Ifyou use the erase /p command, you'll see the following message: 
FileName, Delete (Y/N)? 


To confirm the deletion, press Y. To cancel the deletion and to display the next file name (if you specified a 


group of files), press N. To stop the erase command, press CTRL+C. 


e If you disable command extension, the /s parameter will display the names of any files that weren't found 
„instead of displaying the names of files that are being deleted. 


e |f you specify specific folders in the <names> parameter, all of the included files will also be deleted. For 


example, if you want to delete all of the files in the \work folder, type: 


erase \work 


e You can use wildcards (* and ?) to delete more than one file at a time. However, to avoid deleting files 
unintentionally, you should use wildcards cautiously. For example, if you type the following command: 


erase *.* 


The erase command displays the following prompt: 
Are you sure (Y/N)? 


To delete all of the files in the current directory, press Y and then press ENTER. To cancel the deletion, press 
N and then press ENTER. 





NOTE 


Before you use wildcard characters with the erase command, use the same wildcard characters with the dir 
command to list all the files that will be deleted. 








Examples 


To delete all the files in a folder named Test on drive C, type either of the following: 


erase c:\test 
erase c:\test\*.* 


To delete all files with the .bat file name extension from the current directory, type: 
erase *.bat 
To delete all read-only files in the current directory, type: 


erase /a:r *.* 
Additional References 


e Command-Line Syntax Key 


e del command 


eventcreate 
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Enables an administrator to create a custom event in a specified event log. 





IMPORTANT 


Custom events can't be written to the security log. 





Syntax 


eventcreate [/s <computer> [/u <domain\user> [/p <password>]] {[/1 {APPLICATION|SYSTEM}]|[/so <srcname>]} /t 
{ERROR | WARNING | INFORMATION| SUCCESSAUDIT|FAILUREAUDIT} /id <eventID> /d <description> 


Parameters 


PARAMETER 


/S <computer> 


/U <domainluser> 


/P <password> 


/| {APPLICATION | SYSTEM} 


/SO <srcname> 


Å 


(ERROR | WARNING | INFORMATION | SUCCESSAUDIT | 
FAILUREAUDIT } 


/id <eventID> 


/d <description> 


n 


Examples 


DESCRIPTION 


Specifies the name or IP address of a remote computer (do 
not use backslashes). The default is the local computer. 


Runs the command with the account permissions of the user 
specified by <user> or <domain\user> . The default is the 
permissions of the current logged on user on the computer 
issuing the command. 


Specifies the password of the user account that is specified in 
the /u parameter. 


Specifies the name of the event log where the event will be 
created. The valid log names are APPLICATION or SYSTEM. 


Specifies the source to use for the event. A valid source can be 
any string and should represent the application or component 
that is generating the event. 


Specifies the type of event to create. The valid types are 
ERROR, WARNING, INFORMATION, SUCCESSAUDIT, and 
FAILUREAUDIT. 


Specifies the event ID for the event. A valid ID is any number 
from 1 to 1000. 


Specifies the description to use for the newly created event. 


Displays help at the command prompt. 


The following examples show how you can use the eventcreate command: 


eventcreate /t 
eventcreate /t 
eventcreate /t 
eventcreate /s 
eventcreate /s 
credentials" 
eventcreate /s 
machines" 
eventcreate /s 


ERROR /id 10@ /1 application /d "Create event in application log" 

INFORMATION /id 100@ /d "Create event in WinMgmt source" 

ERROR /id 201 /so winword /1 application /d "New src Winword in application log" 

server /t ERROR /id 100 /1 application /d "Remote machine without user credentials" 
server /u user /p password /id 100 /t ERROR /1 application /d "Remote machine with user 


server1 /s server2 /u user /p password /id 100 /t ERROR /d "Creating events on Multiple remote 


server /u user /id 100 /t WARNING /d "Remote machine with partial user credentials" 


Additional References 


e Command-Line Syntax Key 


eventquery 


11/2/2020 * 2 minutes to read * Edit Online 





The eventquery command has been deprecated and isn't guaranteed to be supported in future releases of 
Windows. 


eventtriggers 


11/2/2020 * 2 minutes to read * Edit Online 





The eventtriggers command has been deprecated and isn't guaranteed to be supported in future releases of 
Windows. 


evntcmd 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Configures the translation of events to traps, trap destinations, or both based on information in a configuration file. 


Syntax 


evntcmd [/s <computername>] [/v <verbositylevel>] [/n] <filename> 


Parameters 

PARAMETER DESCRIPTION 

/S <computername> Specifies, by name, the computer on which you want to 
configure the translation of events to traps, trap destinations, 
or both. If you do not specify a computer, the configuration 
occurs on the local computer. 

/N <verbositylevel> Specifies which types of status messages appear as traps and 
trap destinations are configured. This parameter must be an 
integer between 0 and 10. If you specify 10, all types of 
messages appear, including tracing messages and warnings 
about whether trap configuration was successful. If you specify 
0, no messages appear. 

/n Specifies that the SNMP service should not be restarted if this 
computer receives trap configuration changes. 

<filename> Specifies, by name, the configuration file that contains 
information about the translation of events to traps and trap 
destinations you want to configure. 

/? Displays help at the command prompt. 

Remarks 


e if you want to configure traps but not trap destinations, you can create a valid configuration file by using 
Event to Trap Translator, which is a graphical utility. If you have the SNMP service installed, you can start 
Event to Trap Translator by typing evntwin at a command prompt. After you have defined the traps you 
want, click Export to create a file suitable for use with evntcmd. You can use Event to Trap Translator to 
easily create a configuration file and then use the configuration file with evntcmd at the command prompt 
to quickly configure traps on multiple computers. 


e The syntax for configuring a trap is as follows: 


#pragma add <eventlogfile> <eventsource> <eventID> [<count> [<period>]] 


Where the text following is true: 


o #pragma must appear at the beginning of every entry in the file. 
o The parameter add specifies that you want to add an event to trap configuration. 


o The parameters eventlogfile, eventsource, and eventID are required, and where eventlogfile 
specifies the file in which the event is recorded, eventsource specifies the application that generates 
the event and eventID specifies the unique number that identifies each event. 


To determine what values correspond to each event, start the Event to Trap Translator by typing evntwin at 
a command prompt. Click Custom, and then click edit. Under Event Sources, browse the folders until you 
locate the event you want to configure, click it, and then click add. Information about the event source, the 
event log file, and the event ID appear under Source, Log, and Trap specific ID, respectively. 


o The count parameter is optional, and it specifies how many times the event must occur before a trap 


message is sent. If you don't use this parameter, the trap message is sent after the event occurs once. 


o The period parameter is optional, but it requires you to use the count parameter. The period 
parameter specifies a length of time (in seconds) during which the event must occur the number of 
times specified with the count parameter before a trap message is sent. If you don't use this 
parameter, a trap message is sent after the event occurs the number of times specified with the count 
parameter, no matter how much time elapses between occurrences. 


The syntax for removing a trap is as follows: 


#pragma delete <eventlogfile> <eventsource> <eventID> 


Where the text following is true: 
o #pragma must appear at the beginning of every entry in the file. 
o The parameter delete specifies that you want to remove an event to trap configuration. 


o The parameters eventlogfile, eventsource, and eventID are required, and where eventlogfile 
specifies the file in which the event is recorded, eventsource specifies the application that generates 
the event and eventID specifies the unique number that identifies each event. 


To determine what values correspond to each event, start the Event to Trap Translator by typing evntwin at 
a command prompt. Click Custom, and then click edit. Under Event Sources, browse the folders until you 
locate the event you want to configure, click it, and then click add. Information about the event source, the 
event log file, and the event ID appear under Source, Log, and Trap specific ID, respectively. 


The syntax for configuring a trap destination is as follows: 


#pragma add_TRAP_DEST <communityname> <hostID> 


Where the text following is true: 
o #pragma must appear at the beginning of every entry in the file. 


o The parameter add TRAP DEST specifies that you want trap messages to be sent to a specified host 
within a community. 


o The parameter communityname specifies, by name, the community in which trap messages are 
sent. 


o The parameter hostID specifies, by name or IP address, the host to which you want trap messages to 
be sent. 


e The syntax for removing a trap destination is as follows: 
#pragma delete_TRAP_DEST <communityname> <hostID> 


Where the text following is true: 
o #pragma must appear at the beginning of every entry in the file. 


o The parameter delete_TRAP_DEST specifies that you do not want trap messages to be sent to a 
specified host within a community. 


o The parameter communityname specifies, by name, the community to which trap messages 
shouldn't be sent. 


o The parameter hostID specifies, by name or IP address, the host to which you don't want trap 
messages to be sent. 


Examples 


The following examples illustrate entries in the configuration file for the evntcmd command. They are not 


designed to be typed at a command prompt. 


To send a trap message if the Event Log service is restarted, type: 
#pragma add System Eventlog 2147489653 
To send a trap message if the Event Log service is restarted twice in three minutes, type: 
#pragma add System Eventlog 2147489653 2 180 
To stop sending a trap message whenever the Event Log service is restarted, type: 
#pragma delete System Eventlog 2147489653 
To send trap messages within the community named Publicto the host with the IP address 792.768.700.700, type: 
tpragma add TRAP DEST public 192.168.100.100 
To send trap messages within the community named Private to the host named Host1, type: 
tpragma add TRAP DEST private Host1 


To stop sending trap messages within the community named Private to the same computer on which you are 
configuring trap destinations, type: 


#pragma delete_TRAP_DEST private localhost 


Additional References 


e Command-Line Syntax Key 


exec 
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Runs a script file on the local computer. This command also duplicates or restores data as part of a backup or 
restore sequence. If the script fails, an error is returned and DiskShadow quits. 


The file can be acmd script. 


Syntax 





exec <scriptfile.cmd> 





Parameters 


PARAMETER DESCRIPTION 


Specifies the script file to run. 





Additional References 
e Command-Line Syntax Key 


e diskshadow command 


Ait 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 


Exits the command interpreter or the current batch script. 


Syntax 


exit [/b] [<exitcode>] 


Parameters 


PARAMETER 


/b 


<exitcode> 


nR 


Examples 
To close the command interpreter, type: 
exit 


Additional References 


e Command-Line Syntax Key 


DESCRIPTION 


Exits the current batch script instead of exiting Cmd.exe. If 
executed from outside a batch script, exits Cmd.exe. 


Specifies a numeric number. If /b is specified, the ERRORLEVEL 
environment variable is set to that number. If you are quitting 
the command interpreter, the process exit code is set to that 
number. 


Displays help at the command prompt. 


expand 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 


Expands one or more compressed files. You can also use this command to retrieve compressed files from 


distribution disks. 


The expand command can also run from the Windows Recovery Console, using different parameters. For more 


information, see Windows Recovery Environment (WinRE). 


Syntax 


expand [/r] <source> <destination> 
expand /r <source> [<destination>] 
expand /i <source> [<destination>] 
expand /d <source>.cab [/f:<files>] 
expand <source>.cab /f:<files> <destination> 


Parameters 


PARAMETER 
fr 


SOUrce 


destination 


/d 
/f: «files» 
n 


Additional References 


e Command-Line Syntax Key 


DESCRIPTION 


Renames expanded files. 


Specifies the files to expand. Source can consist of a drive 
letter and colon, a directory name, a file name, or a 
combination of these. You can use wildcards (* or ?). 


Specifies where files are to be expanded. 


If source consists of multiple files and you don't specify /r, 
the destination must be a directory. Destination can 
consist of a drive letter and colon, a directory name, a file 
name, or a combination of these. Destination 

file | path specification. 


Renames expanded files but ignores the directory structure. 


Displays a list of files in the source location. Doesn't expand or 
extract the files. 


Specifies the files in a cabinet (.cab) file that you want to 
expand. You can use wildcards (* or ?). 


Displays help at the command prompt. 


expand vdisk 
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Expands a virtual hard disk (VHD) to a specified size. 


Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


A VHD must be selected and detached for this operation to succeed. Use the select vdisk command to select a 
volume and shift the focus to it. 


Syntax 


expand vdisk maximum=<n> 


Parameters 


PARAMETER 


maximum= <n> 


Examples 


To expand the selected VHD to 20 GB, type: 


expand vdisk maximum=20000 


Additional References 


Command-Line Syntax Key 
select vdisk command 
attach vdisk command 
compact vdisk command 
detach vdisk command 
detail vdisk command 
merge vdisk command 


list command 


DESCRIPTION 


Specifies the new size for the VHD in megabytes (MB). 


expose 
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Exposes a persistent shadow copy as a drive letter, share, or mount point. 


Syntax 


expose <shadowID> {<drive:> | <share> | <mountpoint>} 


Parameters 
PARAMETER DESCRIPTION 
shadowlD Specifies the shadow ID of the shadow copy you want to 
expose. You can also use an existing alias or an environment 
variable in place of shadow/D. Use add without parameters to 
see existing aliases. 
<drive:> Exposes the specified shadow copy as a drive letter (for 
example, p: ). 
<share> Exposes the specified shadow copy at a share (for example, 
\\machinenane ). 
<mountpoint> Exposes the specified shadow copy to a mount point (for 
example, C:\shadowcopy ). 
Examples 


To expose the persistent shadow copy associated with the VSS_SHADOW_1 environment variable as drive X, type: 


expose %vss shadow 1% X: 


Additional References 
e Command-Line Syntax Key 


e diskshadow command 


extend 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Extends the volume or partition with focus and its file system into free (unallocated) space on a disk. 


Syntax 


extend [size=<n>] [disk=<n>] [noerr] 
extend filesystem [noerr] 


Parameters 
PARAMETER DESCRIPTION 
size= <n> Specifies the amount of space in megabytes (MB) to add to 
the current volume or partition. If no size is given, all of the 
contiguous free space that is available on the disk is used. 
disk= <n> Specifies the disk on which the volume or partition is 
extended. If no disk is specified, the volume or partition is 
extended on the current disk. 
filesystem Extends the file system of the volume with focus. For use only 
on disks where the file system was not extended with the 
volume. 
noerr For scripting only. When an error is encountered, DiskPart 
continues to process commands as if the error did not occur. 
Without this parameter, an error causes DiskPart to exit with 
an error code. 
Remarks 


e On basic disks, the free space must be on the same disk as the volume or partition with focus. It must also 
immediately follow the volume or partition with focus (that is, it must start at the next sector offset). 


e On dynamic disks with simple or spanned volumes, a volume can be extended to any free space on any 
dynamic disk. Using this command, you can convert a simple dynamic volume into a spanned dynamic 
volume. Mirrored, RAID-5 and striped volumes cannot be extended. 


e If the partition was previously formatted with the NTFS file system, the file system is automatically extended 
to fill the larger partition and no data loss will occur. 


e If the partition was previously formatted with a file system other than NTFS, the command fails with no 
change to the partition. 


e If the partition was not previously formatted with a file system, the partition will still be extended. 


e The partition must have an associated volume before it can be extended. 


Examples 


To extend the volume or partition with focus by 500 megabytes, on disk 3, type: 
extend size=500 disk=3 

To extend the file system of a volume after it was extended, type: 
extend filesystem 


Additional References 


e Command-Line Syntax Key 


ieee 
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Extracts files from a cabinet or source. 


Syntax 


extract [/y] [/a] [/d | /e] [/1 dir] cabinet [filename ... 


extract [/y] source [newname] 
extract [/y] /c source destination 


Parameters 
PARAMETER 
cabinet 


filename 


source 


newname 


/a 


/c 
/d 
/e 
Å dir 
ly 


Additional References 


e Command-Line Syntax Key 





DESCRIPTION 


Use if you want to extract two or more files. 


Name of the file to extract from the cabinet. Wild cards and 
multiple filenames (separated by blanks) may be used. 


Compressed file (a cabinet with only one file). 


New filename to give the extracted file. If not supplied, the 
original name is used. 


Process ALL cabinets. Follows cabinet chain starting in first 
cabinet mentioned. 


Copy source file to destination (to copy from DMF disks). 


Display cabinet directory (use with filename to avoid extract). 


Extract (use instead of . to extract all files). 


Location to place extracted files (default is current directory). 


Don't prompt before overwriting an existing file. 


fc 
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Compares two files or sets of files and displays the differences between them. 


Syntax 


fo /a [/c] [/1] [/lb<n>] [/n] [/off[line]] [/t] [/u] [/w] [/<nnnn>] [<drive1>:][<path1>]<filename1> 
[<drive2>:][<path2>]<filename2> 
fo /b [<drive1:>][<path1>]<filename1> [<drive2:>][<path2>]<filename2> 


Parameters 

PARAMETER DESCRIPTION 

/a Abbreviates the output of an ASCII comparison. Instead of 
displaying all of the lines that are different, fc displays only the 
first and last line for each set of differences. 

/b Compares the two files in binary mode, byte by byte, and 
does not attempt to resynchronize the files after finding a 
mismatch. This is the default mode for comparing files that 
have the following file extensions: .exe, .com, .sys, .obj, .lib, or 
-bin. 

/c Ignores the letter case. 

Å Compares the files in ASCII mode, line-by-line, and attempts 
to resynchronize the files after finding a mismatch. This is the 
default mode for comparing files, except files with the 
following file extensions: .exe, .com, .sys, .obj, .lib, or .bin. 

/lb <n> Sets the number of lines for the internal line buffer to M. The 
default length of the line buffer is 100 lines. If the files that 
you are comparing have more than 100 consecutive differing 
lines, fc cancels the comparison. 

/n Displays the line numbers during an ASCII comparison. 

/off[line] Doesn't skip files that have the offline attribute set. 

/t Prevents fc from converting tabs to spaces. The default 
behavior is to treat tabs as spaces, with stops at each eighth 
character position. 

/u Compares files as Unicode text files. 

/w Compresses white space (that is, tabs and spaces) during the 


comparison. If a line contains many consecutive spaces or 
tabs, /w treats these characters as a single space. When used 
with /w, fc ignores white space at the beginning and end of a 
line. 


PARAMETER DESCRIPTION 


/ <nnnn> Specifies the number of consecutive lines that must match 
following a mismatch, before fc considers the files to be 
resynchronized. If the number of matching lines in the files is 
less than nnnn, fc displays the matching lines as differences. 
The default value is 2. 


[<drive1>:][<path1>]<filenamel> Specifies the location and name of the first file or set of files to 
compare. filename7 is required. 


[<drive2>: ][<path2>]<filename2> Specifies the location and name of the second file or set of files 
to compare. filename2 is required. 


/? Displays help at the command prompt. 


Remarks 
e This command is implemeted by c\WINDOWS\fc.exe. You can use this command within PowerShell, but be 


sure to spell out the full executable (fc.exe) since 'fc' is also an alias for Format-Custom. 


e When you use fc for an ASCII comparison, fc displays the differences between two files in the following 
order: 


o Name ofthe first file 
o Lines from filename1 that differ between the files 
o First line to match in both files 
o Name ofthe second file 
o Lines from filename2 that differ 
o First line to match 
e /b displays mismatches that are found during a binary comparison in the following syntax: 
\<XXXXXXXX: YY ZZ> 


The value of XXXXXXXX specifies the relative hexadecimal address for the pair of bytes, measured from the 
beginning of the file. Addresses start at 00000000. The hexadecimal values for YYand ZZ represent the 
mismatched bytes from filename? and filename?2, respectively. 


e You can use wildcard characters (* and ?) in filename7 and filename?. If you use a wildcard in filenameT, fc 
compares all the specified files to the file or set of files specified by filename2. If you use a wildcard in 
filename2, fc uses the corresponding value from filename”. 


e When comparing ASCII files, fc uses an internal buffer (large enough to hold 100 lines) as storage. If the files 
are larger than the buffer, fc compares what it can load into the buffer. If fc doesn't find a match in the 
loaded portions of the files, it stops and displays the following message: 


Resynch failed. Files are too different. 


When comparing binary files that are larger than the available memory, fc compares both files completely, 
overlaying the portions in memory with the next portions from the disk. The output is the same as that for 
files that fit completely in memory. 

Examples 


To make an ASCII comparison of two text files, monthly.rpt and sales.rpt and display the results in abbreviated 


format, type: 
fc /a monthly.rpt sales.rpt 

To make a binary comparison of two batch files, profits.bat and earnings.bat, type: 
fc /b profits.bat earnings.bat 

Results similar to the following appear: 


00000002: 72 43 
00000004: 65 3A 
@QG08@GE: 56 92 
000005E8: 00 6E 
FC: earnings.bat longer than profits.bat 


If the profits.bat and earnings.bat files are identical, fc displays the following message: 


Comparing files profits.bat and earnings.bat 
FC: no differences encountered 


To compare every .bat file in the current directory with the file new.bat type: 
fc *.bat new.bat 

To compare the file new.bat on drive C with the file new.bat on drive D, type: 
fo c:new.bat d:*.bat 


To compare each batch file in the root directory on drive C to the file with the same name in the root directory on 
drive D, type: 


fe c:*. bat d:* bat 


Additional References 


e Command-Line Syntax Key 


filesystems 
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Displays information about the current file system of the volume with focus and lists the file systems that are 
supported for formatting the volume. 


A volume must be selected for this operation to succeed. Use the select volume command to select a volume and 
shift the focus to it. 


Syntax 


filesystems 


Additional References 


e Command-Line Syntax Key 


find 
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Searches for a string of text in a file or files, and displays lines of text that contain the specified string. 


Syntax 


find [/v] [/c] [/n] [/i] [/off[line]] <string> [[<drive>:][<path>]<filename>[...]] 


Parameters 
PARAMETER DESCRIPTION 
N Displays all lines that don't contain the specified <string> . 
/c Counts the lines that contain the specified <string> and 
displays the total. 
/n Precedes each line with the files line number. 
fi Specifies that the search is not case-sensitive. 
[/off[line]] Doesn't skip files that have the offline attribute set. 
<string> Required. Specifies the group of characters (enclosed in 
quotation marks) that you want to search for. 
[<drive>:][<path>]<filename> Specifies the location and name of the file in which to search 
for the specified string. 
/? Displays help at the command prompt. 
Remarks 


e If you don't use /i, this command searches for exactly what you specify for string. For example, this 
command treats the characters a and A differently. If you use /i, however, the search becomes non-case- 
sensitive, and it treats a and A as the same character. 


e Ifthe string you want to search for contains quotation marks, you must use double quotation marks for each 
quotation mark contained within the string (for example, ""This string contains quotation marks""). 


e If you omit a file name, this command acts as a filter, taking input from the standard input source (usually 
the keyboard, a pipe (|), or a redirected file) and then displays any lines that contain string. 


e You can type parameters and command-line options for the find command in any order. 


e You can't use wildcards (* and ?) in file names or extensions that you specify while using this command. To 
search for a string in a set of files that you specify with wildcards, you can use this command within a for 
command. 


e If you use/c and /v in the same command line, this command displays a count of the lines that don't 
contain the specified string. If you specify /c and /n in the same command line, find ignores /n. 


e This command doesn't recognize carriage returns. When you use this command to search for text in a file 
that includes carriage returns, you must limit the search string to text that can be found between carriage 
returns (that is, a string that is not likely to be interrupted by a carriage return). For example, this command 
doesn't report a match for the string tax file if a carriage return occurs between the words tax and file. 


Examples 


To display all lines from pencil.ad that contain the string pencil sharpener, type: 
find pencil sharpener pencil.ad 


To find the text, "The scientists labeled their paper for discussion only. It is not a final report." in the reportdoc file, 


type: 
find ""The scientists labeled their paper for discussion only. It is not a final report."" report.doc 


To search for a set of files, you can use the find command within the for command. To search the current directory 
for files that have the extension .bat and that contain the string PROMPT, type: 


for %f in (*.bat) do find PROMPT %Ff 


To search your hard disk to find and display the file names on drive C that contain the string CPU, use the pipe (|) to 
direct the output of the dir command to the find command as follows: 


dir c:\ /s /b | find CPU 


Because find searches are case-sensitive and dir produces uppercase output, you must either type the string CPU 
in uppercase letters or use the /i command-line option with find. 


Additional References 


e Command-Line Syntax Key 


e for command 


findstr 
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Searches for patterns of text in files. 


Syntax 


findstr [/b] [/e] [/1 | /r] [/s] [/i] [/x] [/v] [/n] [/m] [/o] [/p] [/f:<file>] [/c:<string>] [/g:<file>] [/d: 


<dirlist>] [/a:<colorattribute>] [/off[line]] <strings> [<drive>:][<path>]<filename>[ ...] 
Parameters 
PARAMETER DESCRIPTION 
/b Matches the text pattern if it is at the beginning of a line. 
/e Matches the text pattern if it is at the end of a line. 
/\ Processes search strings literally. 
/t Processes search strings as regular expressions. This is the 


default setting. 


/s Searches the current directory and all subdirectories. 

/i Ignores the case of the characters when searching for the 
string. 

/x Prints lines that match exactly. 

N Prints only lines that don't contain a match. 

/n Prints the line number of each line that matches. 

/m Prints only the file name if a file contains a match. 

/o Prints character offset before each matching line. 

/p Skips files with non-printable characters. 

/off[line] Does not skip files that have the offline attribute set. 

/f: <file> Gets a file list from the specified file. 

/c <string> Uses the specified text as a literal search string. 


/g: <file> Gets search strings from the specified file. 


PARAMETER 


/d: <dirlist> 


/a: <colorattribute> 


<strings> 


[\<drive>:][<path>]<filename>[...] 


P? 


Remarks 


DESCRIPTION 


Searches the specified list of directories. Each directory must 
be separated with a semicolon (;), for example 
dir1;dir2;dir3. |. 


Specifies color attributes with two hexadecimal digits. Type 
color /? for additional information. 


Specifies the text to search for in filename. Required. 


Specifies the location and file or files to search. At least one file 
name is required. 


Displays Help at the command prompt. 


e All findstr command-line options must precede strings and filename in the command string. 


e Regular expressions use both literal characters and meta-characters to find patterns of text, rather than exact 


strings of characters. 


o A literal character is a character that doesn't have a special meaning in the regular-expression syntax; 


instead, it matches an occurrence of that character. For example, letters and numbers are literal 


characters. 


o Ameta-character is a symbol with special meaning (an operator or delimiter) in the regular- 


expression syntax. 


The accepted meta-characters are: 


META-CHARACTER 


[class] 


[class] 


[x-y] 


\x 


\<string 


string\> 


VALUE 


Wildcard - Any character 


Repeat - Zero or more occurrences of the previous 
character or class. 


Beginning line position - Beginning of the line. 


Ending line position - End of the line. 


Character class - Any one character in a set. 


Inverse class - Any one character not in a set. 


Range - Any characters within the specified range. 


Escape - Literal use of a meta-character. 


Beginning word position - Beginning of the word. 


Ending word position - End of the word. 


The special characters in regular expression syntax have the most power when you use them 
together. For example, use the combination of the wildcard character ( . ) and repeat ( * ) character 


to match any string of characters: .* 


Use the following expression as part of a larger expression to match any string beginning with band 


ending with ing. b.*ing 


e To search for multiple strings in a set of files, you must create a text file that contains each search criterion 


on a separate line. 
e Use spaces to separate multiple search strings unless the argument is prefixed with /c. 


Examples 


To search for hello or therein file x.y, type: 


findstr hello there x.y 


To search for hello there in file x.y, type: 


findstr /c:hello there x.y 


To find all occurrences of the word Windows (with an initial capital letter W) in the file proposal.txt type: 


findstr Windows proposal.txt 


To search every file in the current directory and all subdirectories that contained the word Windows, regardless of 


the letter case, type: 
findstr /s /i Windows *.* 


To find all occurrences of lines that begin with FOR and are preceded by zero or more spaces (as in a computer 
program loop), and to display the line number where each occurrence is found, type: 


findstr /b /n /r /c:*% *FOR *.bas 


To list the exact files that you want to search in a text file, use the search criteria in the file stringlist txt to search the 
files listed in fi/e/ist.txt, and then to store the results in the file resu/ts.out, type: 


findstr /g:stringlist.txt /f:filelist.txt > results.out 


To list every file containing the word computer within the current directory and all subdirectories, regardless of 


case, type: 
findstr /s /i /m \<computer\> *.* 


To list every file containing the word computer and any other words that begin with comp, (such as compliment 


and compete), type: 


findstr /s /i /m \<comp.* *.* 


Additional References 


e Command-Line Syntax Key 


finger 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Displays information about users on a specified remote computer (typically a computer running UNIX) that is 
running the finger service or daemon. The remote computer specifies the format and output of the user 
information display. Used without parameters, finger displays help. 





IMPORTANT 


This command is available only if the Internet Protocol (TCP/IP) protocol is installed as a component in the properties of a 


network adapter in Network Connections. 





Syntax 


finger [-1] [<user>] [@<host>] [...] 


Parameters 
PARAMETER DESCRIPTION 
- Displays user information in long list format. 

<user> Specifies the user about which you want information. If you 
omit the user parameter, this command displays information 
about all users on the specified computer. 

@<host> Specifies the remote computer running the finger service 
where you are looking for user information. You can specify a 
computer name or IP address. 

R Displays help at the command prompt. 
Remarks 


e You must prefix finger parameters with a hyphen (-) rather than a slash (/). 
e Multiple user@host parameters can be specified. 


Examples 


To display information for user7 on the computer users.microsoft.com, type: 


finger useriØusers.microsoft.com 


To display information for all users on the computer users.microsoftcom, type: 


finger @users.microsoft.com 


Additional References 


e Command-Line Syntax Key 


flattemp 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Enables or disables flat temporary folders. You must have administrative credentials to run this command. 





NOTE 


This command is only available if you have installed the Remote Desktop Session Host role service. 





Syntax 


flattemp (/query | /enable | /disable) 


Parameters 

PARAMETER DESCRIPTION 

/query Queries the current setting. 

/enable Enables flat temporary folders. Users will share the temporary 
folder unless the temporary folder resides in the user's home 
folder. 

/disable Disables flat temporary folders. Each user's temporary folder 
will reside in a separate folder (determined by the user's 
Session ID). 

/? Displays help at the command prompt. 

Remarks 
° 


After each user has a unique temporary folder, use flattemp /enable to enable flat temporary folders. 


The default method for creating temporary folders for multiple users (usually pointed to by the TEMP and 
TMP environment variables) is to create subfolders in the \Temp folder, by using the logonID as the 
subfolder name. For example, if the TEMP environment variable points to C\Temp, the temporary folder 
assigned to the user logonID 4 is C\Temp\4. 


Using flattemp, you can point directly to the \Temp folder and prevent subfolders from forming. This is 
useful when you want the user temporary folders to be contained in home folders, whether on an Remote 
Desktop Session Host server local drive or on a shared network drive. You should use the 

flattemp /enable* command only when each user has a separate temporary folder. 


You might encounter app errors if the user's temporary folder is on a network drive. This occurs when the 
shared network drive becomes momentarily inaccessible on the network. Because the temporary files of the 
app are either inaccessible or out of synchronization, it responds as if the disk has stopped. Moving the 
temporary folder to a network drive is not recommended. The default is to keep temporary folders on the 
local hard disk. If you experience unexpected behavior or disk-corruption errors with certain applications, 


stabilize your network or move the temporary folders back to the local hard disk. 


e If you disable using separate temporary folders per-session, flattemp settings are ignored. This option is 


set in the Remote Desktop Services Configuration tool. 


Examples 


To display the current setting for flat temporary folders, type: 
flattemp /query 

To enable flat temporary folders, type: 
flattemp /enable 

To disable flat temporary folders, type: 
flattemp /disable 


Additional References 


e Command-Line Syntax Key 


fondue 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Enables Windows optional features by downloading required files from Windows Update or another source 
specified by Group Policy. The manifest file for the feature must already be installed in your Windows image. 


Syntax 


fondue.exe /enable-feature:<feature_name> [/caller-name:<program_name>] [/hide-ux:{all | rebootrequest}] 


Parameters 


PARAMETER DESCRIPTION 


/enable-feature: <feature_name> Specifies the name of the Windows optional feature you want 
to enable. You can only enable one feature per command line. 
To enable multiple features, use fondue.exe for each feature. 


/caller-name: <program_name> Specifies the program or process name when you call 
fondue.exe from a script or batch file. You can use this option 
to add the program name to the SQM report if there is an 
error. 


/hide-ux: {all | rebootrequest} Use all to hide all messages to the user including progress 
and permission requests to access Windows Update. If 
permission is required, the operation will fail. 


Use rebootrequest to only hide user messages asking 
for permission to reboot the computer. Use this option if 
you have a script that controls reboot requests. 


Examples 


To enable Microsoft .NET Framework 4.8, type: 


fondue.exe /enable-feature:NETFX4 


To enable Microsoft .NET Framework 4.8, add the program name to the SQM report, and not display messages to 
the user, type: 


fondue.exe /enable-feature:NETFX4 /caller-name:Admin.bat /hide-ux:all 


Additional References 


e Command-Line Syntax Key 


e Microsoft .NET Framework 4.8 Download 


for 
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Runs a specified command for each file, within a set of files. 


Syntax 


for (%% | %}<variable> in (<set>) do <command> [<commandlineoptions>] 


Parameters 


PARAMETER DESCRIPTION 


{%% | %}<variable> Required. Represents a replaceable parameter. Use a single 
percent sign ( % ) to carry out the for command at the 
command prompt. Use double percent signs ( %% ) to carry 
out the for command within a batch file. Variables are case 
sensitive, and they must be represented with an alphabetical 
value such as %a, %b, or %c. 


( <set> ) Required. Specifies one or more files, directories, or text 
strings, or a range of values on which to run the command. 
The parentheses are required. 


<command> Required. Specifies the command that you want to carry out 
on each file, directory, or text string, or on the range of values 
included in set. 


<commandlineoptions> Specifies any command-line options that you want to use with 
the specified command. 


nR Displays help at the command prompt. 


Remarks 


e You can use this command within a batch file or directly from the command prompt. 
e The following attributes apply to the for command: 


o This command replaces % variable or %% variable With each text string in the specified set until the 
specified command processes all of the files. 


o Variable names are case sensitive, global, and no more than 52 can be active at a time. 


© To avoid confusion with the batch parameters, %e through %9 , you can use any character for 
variable except the numerals 0 through 9. For simple batch files, a single character such as %%F will 


work. 


o You can use multiple values for variable in complex batch files to distinguish different replaceable 
variables. 


e The setparameter can represent a single group of files or several groups of files. You can use wildcard 
characters (* and ?) to specify a file set. The following are valid file sets: 


(*.doc) 

(*.doc *.txt *.me) 

(jan*.doc jan*.rpt feb*.doc feb*.rpt) 
(ar??1991.* ap??1991.*) 


e When you use this command, the first value in setreplaces % variable or %% variable , and then the 
specified command processes this value. This continues until all of the files (or groups of files) that 
correspond to the set value are processed. 


e In and do aren't parameters, but you must use them with this command. If you omit either of these 
keywords, an error message appears. 


e |f command extensions are enabled (that is the default), the following additional forms of for are supported: 


o Directories only: If setcontains wildcard characters (* or ?), the specified command executes for 


each directory (instead of a set of files in a specified directory) that matches set The syntax is: 


for /d {%%|%}<Variable> in (<Set>) do <Command> [<CommandLineOptions>] 


o Recursive: Walks the directory tree that is rooted at drivepath and executes the for statement in 
each directory of the tree. If no directory is specified after /r, the current directory is used as the root 
directory. If setis just a single period (.), it only enumerates the directory tree. The syntax is: 


for /r [[<drive>:]<path>] {%%|%}<variable> in (<set>) do <command> [<commandlinepptions>] 


o Iterating a range of values: Use an iterative variable to set the starting value (start#) and then 
step through a set range of values until the value exceeds the set ending value (end#). /I will execute 
the iterative by comparing start with end#. If start# is less than end# the command will execute. 
When the iterative variable exceeds ena#, the command shell exits the loop. You can also use a 
negative step# to step through a range in decreasing values. For example, (1,1,5) generates the 
sequence 1 2 3 4 5 and (5,-1,1) generates the sequence 5 4 3 2 1. The syntax is: 


for /1 {%%|%}<variable> in (<start#>,<step#>,<end#>) do <command> [<commandlinepptions>] 


o Iterating and file parsing: Use file parsing to process command output, strings, and file content. 
Use iterative variables to define the content or strings that you want to examine, and use the various 
parsingkeywords options to further modify the parsing. Use the parsingkeywords token option to 
specify which tokens should be passed as iterative variables. Note that when used without the token 
option, /f will only examine the first token. 


File parsing consists of reading the output, string, or file content, and then breaking it into individual 
lines of text and parsing each line into zero or more tokens. The for loop is then called with the 
iterative variable value set to the token. By default, /f passes the first blank separated token from 
each line of each file. Blank lines are skipped. 


The syntaxes are: 


for /f [<parsingkeywords>] {%%|%}<variable> in (<set>) do <command> [<commandlinepptions>] 

for /f [<parsingkeywords>] {%%|%}<variable> in (<literalstring>) do <command> 
[<commandlinepptions> ] 

for /f [<parsingkeywords>] {%%|%}<variable> in ('<command>') do <command> [<commandlinepptions>] 


The setargument specifies one or more file names. Each file is opened, read, and processed before 


moving to the next file in set To override the default parsing behavior, specify parsingkeywords. This 


is a quoted string that contains one or more keywords to specify different parsing options. 


If you use the usebackq option, use one of the following syntaxes: 


for /f [usebackq <parsingkeywords>] {%%|%}<variable> in (<Set>) do <command> 


[<commandlinepptions> ] 


for /f [usebackq <parsingkeywords>] {%%|%}<variable> in ('<LiteralString>') do <command> 


[<commandlinepptions> ] 


for /f [usebackq <parsingkeywords>] (%%|%)<variable> in (”<command>) do <command> 


[<commandlinepptions>] 


The following table lists the parsing keywords that you can use for parsingkeyworas. 


KEYWORD 


eol= <c> 


skip= <n> 


delims= <xxx> 


tokens= <x,y,m-n> 


usebackq 


DESCRIPTION 


Specifies an end of line character (just one character). 


Specifies the number of lines to skip at the beginning 
of the file. 


Specifies a delimiter set. This replaces the default 
delimiter set of space and tab. 


Specifies which tokens from each line are to be passed 
to the for loop for each iteration. As a result, 
additional variable names are allocated. m-n specifies a 
range, from the mth through the nth tokens. If the 
last character in the tokens= string is an asterisk (*), 
an additional variable is allocated, and it receives the 
remaining text on the line after the last token that is 
parsed. 


Specifies to run a back-quoted string as a command, 
use a single-quoted string as a literal string, or, for 
long file names that contain spaces, allow file names in 

<set> , to each be enclosed in double-quotation 
marks. 


o Variable substitution: The following table lists optional syntax (for any variable I): 


VARIABLE WITH MODIFIER 


%~fI 


%~dI 


%~pI 


%~nI 


%~xI 


DESCRIPTION 


Expands %1 which removes any surrounding 
quotation marks. 


Expands %1 toa fully qualified path name. 


Expands %I toa drive letter only. 


Expands %I to a path only. 


Expands %1 toa file name only. 


Expands %I toa file name extension only. 


VARIABLE WITH MODIFIER 


%~sI 


%-aI 


%~tI 


%~zI 


%~$PATH:I 


DESCRIPTION 


Expands path to contain short names only. 


Expands %I tothe file attributes of file. 


Expands %I to the date and time of file. 


Expands %1 to the size of the file. 


Searches the directories listed in the PATH 
environment variable and expands %1 to the fully 
qualified name of the first directory found. If the 
environment variable name is not defined or the file is 
not found by the search, this modifier expands to the 
empty string. 


The following table lists modifier combinations that you can use to get compound results. 


VARIABLE WITH COMBINED MODIFIERS 


%~dpI 


%~nxI 


%~fsI 


%~dp$PATH:I 


%~ftzaI 


DESCRIPTION 


Expands %I toa drive letter and path only. 


Expands %I toa file name and extension only. 


Expands %1 toa full path name with short names 


only. 


Searches the directories that are listed in the PATH 
environment variable for %I and expands to the 
drive letter and path of the first one found. 


Expands %I to an output line that is like dir. 


In the above examples, you can replace %1 and PATH with other valid values. A valid for variable 


name ends the %~ syntax. 


By using uppercase variable names such as %I , you can make your code more readable and avoid 


confusion with the modifiers, which are not case sensitive. 


e Parsing a string: You can use the for /f parsing logic on an immediate string by wrapping 


<literalstring> in either: double quotes (without usebackq) or in single quotes (with usebackq) --for 


example, (MyString) or (‘MyString'). <literalstring> is treated as a single line of input from a file. When 


parsing <literalstring> in double-quotes, command symbols (such as, \ & | > < *) are treated as 


ordinary characters. 


e Parsing output: You can use the for /f command to parse the output of a command by placing a back- 


quoted <command> between the parentheses. It is treated as a command line, which is passed to a child 


Cmd.exe. The output is captured into memory and parsed as if it is a file. 


Examples 


To use for in a batch file, use the following syntax: 


for (%%|%)<variable> in (<set>) do <command> [<commandlineoptions>] 


To display the contents of all the files in the current directory that have the extension .doc or .txt by using the 
replaceable variable %f, type: 


for %f in (*.doc *.txt) do type %f 


In the preceding example, each file that has the .doc or .txt extension in the current directory is substituted for the 
%f variable until the contents of every file are displayed. To use this command in a batch file, replace every 
occurrence of %f with %%f. Otherwise, the variable is ignored and an error message is displayed. 


To parse a file, ignoring commented lines, type: 
for /f eol=; tokens=2,3* delims=, %i in (myfile.txt) do @echo %i %j %k 


This command parses each line in myfile.txt. It ignores lines that begin with a semicolon and passes the second and 
third token from each line to the for body (tokens are delimited by commas or spaces). The body of the for 
statement references %i to get the second token, %j to get the third token, and %k to get all of the remaining 
tokens. If the file names that you supply contain spaces, use quotation marks around the text (for example, File 
Name). To use quotation marks, you must use usebackq. Otherwise, the quotation marks are interpreted as 
defining a literal string to parse. 


%i is explicitly declared in the for statement. %j and %k are implicitly declared by using tokens=. You can use 
tokens= to specify up to 26 tokens, provided that it does not cause an attempt to declare a variable higher than 
the letter z or Z. 


To parse the output of a command by placing set between the parentheses, type: 


for /f usebackq delims== %i in ('set') do @echo %i 


Additional References 


e Command-Line Syntax Key 


forfiles 
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Selects and runs a command on a file or set of files. This command is most commonly used in batch files. 


Syntax 


forfiles [/P pathname] [/M searchmask] [/S] [/C command] [/D [+ | -] [{<date> | <days>}]] 


Parameters 


PARAMETER 


/P <pathname> 


/M <«searchmask> 


/S 


/C <command> 


/D_[{+\l-}][{<date> | <days>}] 


£ 


Remarks 


e The forfiles /S commandis similar to dir /s . 


DESCRIPTION 


Specifies the path from which to start the search. By default, 
searching starts in the current working directory. 


Searches files according to the specified search mask. The 
default searchmask is * . 


Instructs the forfiles command to search in subdirectories 
recursively. 


Runs the specified command on each file. Command strings 
should be wrapped in double quotes. The default command is 
"cmd /c echo @file" . 


Selects files with a last modified date within the specified time 

frame: 

e Selects files with a last modified date later than or 
equal to (+) or earlier than or equal to (-) the specified 
date, where date is in the format MM/DD/YYYY. 

e Selects files with a last modified date later than or 
equal to (+) the current date plus the number of days 
specified, or earlier than or equal to (-) the current 
date minus the number of days specified. 

e Valid values for days include any number in the range 
0-32,768. If no sign is specified, + is used by default. 


Displays the help text in the cmd window. 


e You can use the following variables in the command string as specified by the /C command-line option: 


VARIABLE 


@FILE 


@FNAME 


DESCRIPTION 


File name. 


File name without extension. 


VARIABLE DESCRIPTION 


@EXT File name extension. 

@PATH Full path of the file. 

@RELPATH Relative path of the file. 

@ISDIR Evaluates to TRUE if a file type is a directory. Otherwise, 


this variable evaluates to FALSE. 


@FSIZE File size, in bytes. 
@FDATE Last modified date stamp on the file. 
@FTIME Last modified time stamp on the file. 


The forfiles command lets you run a command on or pass arguments to multiple files. For example, you 
could run the type command on all files in a tree with the txt file name extension. Or you could execute 
every batch file (*.bat) on drive C, with the file name Myinput.txt as the first argument. 


This command can: 

o Select files by an absolute date or a relative date by using the /d parameter. 
o Build an archive tree of files by using variables such as @FSIZE and @FDATE. 
o Differentiate files from directories by using the @ISDIR variable. 


o Include special characters in the command line by using the hexadecimal code for the character, in 
OxHH format (for example, 0x09 for a tab). 


This command works by implementing the recurse subdirectories flag on tools that are designed to 


process only a single file. 


Examples 


To list all of the batch files on drive C, type: 


forfiles /P c:\ /S /M *.bat /C "cmd /c echo @file is a batch file" 


To list all of the directories on drive C, type: 


forfiles /P c:\ /S /M *.* /C "cmd /c if @isdir==TRUE echo @file is a directory” 


To list all of the files in the current directory that are at least one year old, type: 


forfiles /S /M *.* /D -365 /C "cmd /c echo Øfile is at least one year old." 


To display the text file is outdated for each of the files in the current directory that are older than January 1, 2007, 
type: 


forfiles /S /M *.* /D -01/01/2007 /C “cmd /c echo @file is outdated." 


To list the file name extensions of all the files in the current directory in column format, and add a tab before the 
extension, type: 


forfiles /S /M *.* /C “cmd /c echo The extension of Øfile is @x@9@ext" 


Additional References 


e Command-Line Syntax Key 


Format 
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Applies to: Windows 10, Windows Server 2016 


Formats a disk to accept Windows files. You must be a member of the Administrators group to format a hard drive. 





NOTE 


You can also use the format command, with different parameters, from the Recovery Console. For more information about 


the recovery console, see Windows Recovery Environment (Windows RE). 





Syntax 


format <volume> [/fs:{FAT|FAT32|NTFS}] [/v:<label>] [/q] [/a:<unitsize>] [/c] [/x] [/p:<passes>] 
format <volume> [/v:<label>] [/q] [/f:<size>] [/p:<passes>] 

format <volume> [/v:<label>] [/q] [/t:<tracks> /n:<sectors>] [/p:<passes>] 

format <volume> [/v:<label>] [/q] [/p:<passes>] 

format <volume> [/q] 


Parameters 


PARAMETER DESCRIPTION 


<volume> Specifies the mount point, 
volume name, or drive letter 
(followed by a colon) of the 
drive that you want to 
format. If you do not specify 
any of the following 
command-line options, 
format uses the volume 
type to determine the 
default format for the disk. 


/fs:{FAT FAT32 NTFS} Specifies the type of file 
system (FAT, FAT32, NTFS). 


/N: <label> Specifies the volume label. If 
you omit the /v command- 
line option or use it without 
specifying a volume label, 
format prompts you for the 
volume label after the 
formatting is complete. Use 
the syntax /v: to prevent 
the prompt for a volume 
label. If you use a single 
format command to format 
more than one disk, all of 
the disks will be given the 
same volume label. 


PARAMETER 


/a: <unitsize> 


/q 


/f: <size> 


DESCRIPTION 


Specifies the allocation unit 
size to use on FAT, FAT32, or 
NTFS volumes. If you don't 
specify unitsize, it's chosen 
based on volume size. 
Default settings are strongly 
recommended for general 
use. The following list 
presents valid values for 
NTFS, FAT, and FAT32 
unitsize 

e 512 

e 1024 

e 2048 

e 4096 

6 8192 

e 16K 

e 32K 

e 64K 


FAT and FAT32 also support 
128K and 256K for a sector 
size greater than 512 bytes. 


Performs a quick format. 
Deletes the file table and the 
root directory of a 
previously formatted 
volume, but does not 
perform a sector-by-sector 
scan for bad areas. You 
should use the /q 
command-line option to 
format only previously 
formatted volumes that you 
know are in good condition. 
Note that /q overrides /p. 


Specifies the size of the 
floppy disk to format. When 
possible, use this command- 
line option instead of the /t 
and /n command-line 
options. Windows accepts 
the following values for size: 
e 1440 or 1440k or 
1440kb 
e 1.44 or 1.44m or 
1.44mb 
e 1.44-MB, double- 
sided, quadruple- 
density, 3.5-inch disk 


PARAMETER DESCRIPTION 


/t: <tracks> Specifies the number of 
tracks on the disk. When 
possible, use the /f 
command-line option 
instead. If you use the /t 
option, you must also use 
the /n option. These options 
together provide an 
alternative method of 
specifying the size of the 
disk that is being formatted. 
This option is not valid with 
the /f option. 


/n: <sectors> Specifies the number of 
sectors per track. When 
possible, use the /f 
command-line option 
instead of /n. If you use /n, 
you must also use /t. These 
two options together 
provide an alternative 
method of specifying the 
size of the disk that is being 
formatted. This option is not 
valid with the /f option. 


/P: <passes> Zeros every sector on the 
volume for the number of 
passes specified. This option 
is not valid with the /q 
option. 


/c NTFS only. Files created on 
the new volume will be 
compressed by default. 


/x Causes the volume to 
dismount, if necessary, 
before it's formatted. Any 
open handles to the volume 
will no longer be valid. 


ff Displays help at the 
command prompt. 


Remarks 
e The format command creates a new root directory and file system for the disk. It can also check for bad 
areas on the disk, and it can delete all data on the disk. To be able to use a new disk, you must first use this 


command to format the disk. 
e After formatting a floppy disk, format displays the following message: 
Volume label (11 characters, ENTER for none)? 


To add a volume label, type up to 11 characters (including spaces). If you do not want to add a volume label 
to the disk, press ENTER. 


e When you use the format command to format a hard disk, a warning message similar to the following 


displays: 


WARNING, ALL DATA ON NON-REMOVABLE DISK 
DRIVE x: WILL BE LOST! 
Proceed with Format (Y/N)? _ 


To format the hard disk, press Y; if you do not want to format the disk, press N. 


e FAT file systems restrict the number of clusters to no more than 65526. FAT32 file systems restrict the 
number of clusters to between 65527 and 4177917. 


e NTFS compression is not supported for allocation unit sizes above 4096. 





NOTE 


Format will immediately stop processing if it determines that the previous requirements can't be met using the 


specified cluster size. 





e When formatting is complete, format displays messages that show the total disk space, the spaces marked 
as defective, and the space available for your files. 


e You can speed up the formatting process by using the /q command-line option. Use this option only if there 
are no bad sectors on your hard disk. 


e You shouldn't use the format command on a drive that was prepared by using the subst command. You 
can't format disks over a network. 


e The following table lists each exit code and a brief description of its meaning. 


EXIT CODE DESCRIPTION 

0 The format operation was successful. 

1 Incorrect parameters were supplied. 

4 A fatal error occurred (which is any error other than 0, 1, 
or 5). 

5 The user pressed N in response to the prompt "Proceed 


with Format (Y/N)?" to stop the process. 


You can check these exit codes by using the ERRORLEVEL environment variable with the if batch command. 


Examples 


To format a new floppy disk in drive A using the default size, type: 


format a: 


To perform a quick format operation on a previously formatted floppy disk in drive A, type: 


format a: /q 


To format a floppy disk in drive A and assign it the volume label DATA, type: 


format a: /v:DATA 


Additional References 


e Command-Line Syntax Key 


freedisk 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Checks to see if the specified amount of disk space is available before continuing with an installation process. 


Syntax 


freedisk [/s <computer> [/u [<domain>\]<user> [/p [<password>]]]] [/d <drive>] [<value>] 


Parameters 

PARAMETER DESCRIPTION 

/S <computer> Specifies the name or IP address of a remote computer (do 
not use backslashes). The default is the local computer. This 
parameter applies to all files and folders specified in the 
command. 

/U [<domain>V]<user> Runs the script with the permissions of the specified user 
account. The default is system permissions. 

/p Ul Specifies the password of the user account that is specified in 
/u. 

/d <drive> Specifies the drive for which you want to find out the 
availability of free space. You must specify <drive> fora 
remote computer. 

<value> Checks for a specific amount of free disk space. You can specify 
<value> in bytes, KB, MB, GB, TB, PB, EB, ZB or YB. 
Remarks 


e Using the /s,/u, and /p command-line options are available only when you use /s. You must use /p with 
/uto provide the user s password. 


e For unattended installations, you can use freedisk in installation batch files to check for the prerequisite 
amount free space before continuing with the installation. 


e@ When you use freedisk in a batch file, it returns a 0 if there's enough space and a 1 if there's not enough 
space. 


Examples 


To determine whether there are at least 50 MB of free space available on drive C;, type: 


freedisk 5ømb 


Output similar to the following appears on the screen: 


INFO: The specified 52,428,800 byte(s) of free space is available on current drive. 


Additional References 


e Command-Line Syntax Key 


fsutil 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, 
Windows 10, Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows 8, Windows Server 
2008 R2, Windows 7 


Performs tasks that are related to file allocation table (FAT) and NTFS file systems, such as managing reparse 
points, managing sparse files, or dismounting a volume. If it's used without parameters, fsutil displays a list of 
supported subcommands. 





NOTE 


You must be logged on as an administrator or a member of the Administrators group to use fsutil. This command is quite 
powerful and should be used only by advanced users who have a thorough knowledge of Windows operating systems. 


You must enable Windows Subsystem for Linux before you can run fsutil. Run the following command as Administrator in 
PowerShell to enable this optional feature: 


Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux 


You'll be prompted to restart your computer once it's installed. After your computer restarts, you'll be able to run Fsutil as 
an administrator. 








Parameters 


SUBCOMMAND DESCRIPTION 


fsutil 8dot3name Queries or changes the settings for short name behavior on 
the system, for example, generates 8.3 character-length file 
names. Removes short names for all files within a directory. 
Scans a directory and identifies registry keys that might be 
impacted if short names were stripped from the files in the 
directory. 


fsutil dirty Queries whether the volumes dirty bit is set or sets a 
volumes dirty bit. When a volumes dirty bit is set, autochk 
automatically checks the volume for errors the next time the 
computer is restarted. 


fsutil file Finds a file by user name (if Disk Quotas are enabled), 
queries allocated ranges for a file, sets a files short name, 
sets a file's valid data length, sets zero data for a file, creates 
a new file of a specified size, finds a file ID if given the name, 
or finds a file link name for a specified file ID. 


fsutil fsinfo Lists all drives and queries the drive type, volume 
information, NTFS-specific volume information, or file system 
statistics. 


SUBCOMMAND 


fsutil hardlink 


fsutil objectid 


fsutil quota 


fsutil repair 


fsutil reparsepoint 


fsutil resource 


fsutil sparse 


fsutil tiering 


fsutil transaction 


DESCRIPTION 


Lists hard links for a file, or creates a hard link (a directory 
entry for a file). Every file can be considered to have at least 
one hard link. On NTFS volumes, each file can have multiple 
hard links, so a single file can appear in many directories (or 
even in the same directory, with different names). Because all 
of the links reference the same file, programs can open any 
of the links and modify the file. A file is deleted from the file 
system only after all links to it are deleted. After you create a 
hard link, programs can use it like any other file name. 


Manages object identifiers, which are used by the Windows 
operating system to track objects such as files and 
directories. 


Manages disk quotas on NTFS volumes to provide more 
precise control of network-based storage. Disk quotas are 
implemented on a per-volume basis and enable both hard- 
and soft-storage limits to be implemented on a per-user 
basis. 


Queries or sets the self-healing state of the volume. Self 
healing NTFS attempts to correct corruptions of the NTFS file 
system online without requiring Chkdsk.exe to be run. 
Includes initiating on-disk verification and waiting for repair 
completion. 


Queries or deletes reparse points (NTFS file system objects 
that have a definable attribute containing user-controlled 
data). Reparse points are used to extend functionality in the 
input/output (I/O) subsystem. They are used for directory 
junction points and volume mount points. They are also used 
by file system filter drivers to mark certain files as special to 
that driver. 


Creates a Secondary Transactional Resource Manager, starts 
or stops a Transactional Resource Manager, displays 
information about a Transactional Resource Manager or 
modifies its behavior. 


Manages sparse files. A sparse file is a file with one or more 
regions of unallocated data in it. A program will see these 
unallocated regions as containing bytes with the value zero, 
but no disk space is used to represent these zeros. All 
meaningful or nonzero data is allocated, whereas all non- 
meaningful data (large strings of data composed of zeros) is 
not allocated. When a sparse file is read, allocated data is 
returned as stored and unallocated data is returned as zeros 
(by default in accordance with the C2 security requirement 
specification). Sparse file support allows data to be 
deallocated from anywhere in the file. 


Enables management of storage tier functions, such as 
setting and disabling flags and listing of tiers. 


Commits a specified transaction, rolls back a specified 
transaction, or displays info about the transaction. 


SUBCOMMAND 


fsutil usn 


fsutil volume 


fsutil wim 


Additional References 


e Command-Line Syntax Key 


DESCRIPTION 


Manages the update sequence number (USN) change 
journal, which provides a persistent log of all changes made 
to files on the volume. 


Manages a volume. Dismounts a volume, queries to see how 
much free space is available on a disk, or finds a file that is 
using a specified cluster. 


Provides functions to discover and manage WIM-backed 
files. 


fsutil 8dot3name 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
10, Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows 8 

Queries or changes the settings for short name (8dot3 name) behavior, which includes: 

e Querying the current setting for the short name behavior. 


e Scanning the specified directory path for registry keys that might be impacted if short names were stripped 
from the specified directory path. 


e Changing the setting that controls the short name behavior. This setting can be applied to a specified 
volume or to the default volume setting. 


e Removing the short names for all files within a directory. 





IMPORTANT 


Permanently removing 8dot3 file names and not modifying registry keys that point to the 8dot3 file names may lead to 
unexpected application failures, including the inability to uninstall an application. It is recommended you first back up your 
directory or volume before you attempt to remove 8dot3 file names. 





Syntax 


fsutil 8dot3name [query] [<volumepath>] 

fsutil 8dot3name [scan] [/s] [/1 [<log file>] ] [/v] <directorypath> 

fsutil 8dot3name [set] { <defaultvalue> | <volumepath> {1]0}} 

fsutil 8dot3name [strip] [/t] [/s] [/f] [/1 [<log file.] ] [/v] <directorypath> 


Parameters 

PARAMETER DESCRIPTION 

query [<volumepath>] Queries the file system for the state of the 8dot3 short name 
creation behavior. 
If a volumepath isn't specified as a parameter, the default 
8dot3name creation behavior setting for all volumes is 
displayed. 

scan <directorypath> Scans the files that are located in the specified directorypath 


for registry keys that might be impacted if 8dot3 short names 
were stripped from the file names. 


PARAMETER 


set { <defaultvalue> | <volumepath>} 


strip <directorypath> 


<volumepath> 


/f 


Å 


[<log file>] 


DESCRIPTION 


Changes the file system behavior for 8dot3 name creation in 

the following instances: 

e When aefaultvalue is specified, the registry key, 
HKLM\System\CurrentControlSet\Control\FileS 
ystem\NtfsDisable8dot3 NameCreationNtfsDisa 
ble8dot3 NameCreationNtfsDisable8dot3 NameC 
reation, is set to the defau/tvalue. 


The Default Value can have the following values: 


o 0: Enables 8dot3 name creation for all volumes 
on the system. 

© 1: Disables 8dot3 name creation for all volumes 
on the system. 

© 2: Sets 8dot3 name creation on a per volume 
basis. 

© 3: Disables 8dot3 name creation for all volumes 
except the system volume. 

@ When a volumepath is specified, the specified volumes 
on disk flag 8dot3name properties are set to enable 
8dot3 name creation for a specified volume (0) or set 
to disable 8dot3 name creation on the specified 
volume (1). 


You must set the default file system behavior for 
8dot3 name creation to the value 2 before you 
can enable or disable 8dot3 name creation for a 
specified volume. 


Removes the 8dot3 file names for all files that are located in 
the specified directorypath. The 8dot3 file name is not 
removed for any files where the directorypath combined with 
the file name contains more than 260 characters. 


This command lists, but does not modify the registry keys 
that point to the files that had 8dot3 file names 
permanently removed. 


Specifies the drive name followed by a colon or the GUID in 
the format volume{GUID} . 


Specifies that all files that are located in the specified 
directorypath have the 8dot3 file names removed even if 
there are registry keys that point to files using the 8dot3 file 
name. In this case, the operation removes the 8dot3 file 
names, but does not modify any registry keys that point to 
the files that are using the 8dot3 file names. Warning: It's 
recommended that you back up your directory or volume 
prior to using the /f parameter because it may lead to 
unexpected application failures, including the inability to 
uninstall programs. 


Specifies a log file where information is written. 
If the /I parameter isn't specified, all information is written 
to the default log file: 


%temp%\8dot3_removal_log@(GMT YYYY-MM-DD HH-MM- 
SS) 


Jog** 


PARAMETER DESCRIPTION 


/s Specifies that the operation should be applied to the 
subdirectories of the specified directorypath. 


/t Specifies that the removal of 8dot3 file names should be run 
in test mode. All operations except the actual removal of the 
8dot3 file names are performed. You can use test mode to 
discover which registry keys point to files that use the 8dot3 
file names. 


N Specifies that all information that is written to the log file is 
also displayed on the command-line. 


Examples 


To query for the disable 8dot3 name behavior for a disk volume that is specified with the GUID, {928842df-5a01- 
11de-a85c-806e6f6e6963}, type: 


fsutil 8dot3name query volume(928842df-5a91-11de-a85c-8Ø6e6f6e6963) 


You can also query the 8dot3 name behavior by using the behavior subcommand. 
To remove 8dot3 file names in the D:\MyData directory and all subdirectories, while writing the information to the 


log file that is specified as mylogfile.log, type: 


fsutil 8dot3name strip /1 mylogfile.log /s d:\MyData 


Additional References 
e Command-Line Syntax Key 
e fsutil 


e fsutil behavior 


fsutil behavior 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
10, Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows 8 


Queries or sets NTFS volume behavior, which includes: 
e Creating the 8.3 character-length file names. 
e Extending character use in 8.3 character-length short file names on NTFS volumes. 


e Updating of the Last Access Time stamp when directories are listed on NTFS volumes. 


e The frequency with which quota events are written to the system log and to NTFS paged pool and NTFS 
non-paged pool memory cache levels. 


e The size of the master file table zone (MFT Zone). 
e Silent deletion of data when the system encounters corruption on an NTFS volume. 


e File-delete notification (also known as trim or unmap). 


Syntax 


fsutil behavior query {allowextchar | bugcheckoncorrupt | disable8dot3 [<volumepath>] | disablecompression 
disablecompressionlimit | disableencryption | disablefilemetadataoptimization | disablelastaccess | 
disablespotcorruptionhandling | disabletxf | disablewriteautotiering | encryptpagingfile | mftzone | 
memoryusage | quotanotify | symlinkevaluation | disabledeletenotify} 


fsutil behavior set {allowextchar {1|0} | bugcheckoncorrupt {1|0} | disable8dot3 [ <value> | [<volumepath> 
{1|@}] ] | disablecompression {1|0} | disablecompressionlimit {1|@} | disableencryption {1|0} | 
disablefilemetadataoptimization {1|@} | disablelastaccess {1|@} | disablespotcorruptionhandling {1]@} | 
disabletxf {1|0} | disablewriteautotiering {1|0} | encryptpagingfile {1|0} | mftzone <Value> | memoryusage 
<Value> | quotanotify <frequency> | symlinkevaluation <symboliclinktype> | disabledeletenotify (1|9)) 


Parameters 
PARAMETER DESCRIPTION 
query Queries the file system behavior parameters. 
set Changes the file system behavior parameters. 
allowextchar {1]|e} Allows (1) or disallows (0) characters from the extended 


character set (including diacritic characters) to be used in 8.3 
character-length short file names on NTFS volumes. 


You must restart your computer for this parameter to 
take effect. 


PARAMETER 


Bugcheckoncorrupt (10) 


disable8dot3 [] {110} 


disablecompression {10} 


disablecompressionlimit (1|ø) 


disableencryption {110} 


disablefilemetadataoptimization (1|e) 


disablelastaccess {1|0} 


DESCRIPTION 


Allows (1) or disallows (0) generation of a bug check when 
there is corruption on an NTFS volume. This feature can be 
used to prevent NTFS from silently deleting data when used 
with the Self-Healing NTFS feature. 


You must restart your computer for this parameter to 
take effect. 


Disables (1) or enables (0) the creation of 8.3 character-length 
file names on FAT- and NTFS-formatted volumes. Optionally, 
prefix with the volumepath specified as a drive name followed 
by a colon or GUID. 


Disables (1) or enables (0) NTFS compression. 


You must restart your computer for this parameter to 
take effect. 


Disables (1) or enables (0) NTFS compression limit on NTFS 
volume. When a compressed file reaches a certain level of 
fragmentation, rather than failing to extend the file, NTFS 
stops compressing additional extents of the file. This was done 
to allow compressed files to be larger than they normally 
would be. Setting this value to TRUE disables this feature 
which limits the size of compressed files on the system. We 
don't recommend disabling this feature. 


You must restart your computer for this parameter to 
take effect. 


Disables (1) or enables (0) the encryption of folders and files 
on NTFS volumes. 


You must restart your computer for this parameter to 
take effect. 


Disables (1) or enables (0) file metadata optimization. NTFS 
has a limit on how many extents a given file can have. 
Compressed and sparse files can become very fragmented. By 
default, NTFS periodically compacts its internal metadata 
structures to allow for more fragmented files. Setting this 
value to TRUE disables this internal optimization. We don't 
recommend disabling this feature. 


You must restart your computer for this parameter to 
take effect. 


Disables (1) or enables (0) updates to the Last Access Time 
stamp on each directory when directories are listed on an 
NTFS volume. 


You must restart your computer for this parameter to 
take effect. 


PARAMETER 


disablespotcorruptionhandling (116) 


disabletxf {1]e} 


disablewriteautotiering (1|9) 


encryptpagingfile {110} 


mftzone <value> 


memoryusage <value> 


quotanotify <frequency> 


DESCRIPTION 


Disables (1) or enables (0) spot corruption handling. Also 
allows system administrators to run CHKDSK to analyze the 
state of a volume without taking it offline. We don't 
recommend disabling this feature. 


You must restart your computer for this parameter to 
take effect. 


Disables (1) or enables (0) txf on the specified NTFS volume. 
TF is an NTFS feature that provides transaction like semantics 
to file system operations. XF is presently deprecated, but the 
functionality is still available. We don't recommend disabling 
this feature on the C: volume. 


You must restart your computer for this parameter to 
take effect. 


Disables ReFS v2 auto tiering logic for tiered volumes. 


You must restart your computer for this parameter to 
take effect. 


Encrypts (1) or doesn't encrypt (0) the memory paging file in 
the Windows operating system. 


You must restart your computer for this parameter to 
take effect. 


Sets the size of the MFT Zone, and is expressed as a multiple 
of 200MB units. Set value to a number from 1 (default is 200 
MB) to 4 (maximum is 800 MB). 


You must restart your computer for this parameter to 
take effect. 


Configures the internal cache levels of NTFS paged-pool 
memory and NTFS nonpaged-pool memory. Set to 1 or 2. 
When set to 1 (the default), NTFS uses the default amount of 
paged-pool memory. When set to 2, NTFS increases the size 
of its lookaside lists and memory thresholds. (A lookaside list 
is a pool of fixed-size memory buffers that the kernel and 
device drivers create as private memory caches for file system 
operations, such as reading a file.) 


You must restart your computer for this parameter to 
take effect. 


Configures how frequently NTFS quota violations are reported 
in the system log. Valid values for are in the range 0 — 
4294967295. The default frequency is 3600 seconds (one 
hour). 


You must restart your computer for this parameter to 
take effect. 


PARAMETER DESCRIPTION 


symlinkevaluation <symboliclinktype> Controls the kind of symbolic links that can be created on a 
computer. Valid choices are: 
e 1 - Local to local symbolic links, L2L:{@|1} 
e 2 - Local to remote symbolic links, L2R:{1|@} 
e 3 - Remote to local symbolic links, R2L:{1]0} 


e 4 - Remote to remote symbolic links, R2R:{1] 0} 


disabledeletenotify Disables (1) or enables (0) delete notifications. Delete 

notifications (also known as trim or unmap) is a feature that 

notifies the underlying storage device of clusters that have 

been freed due to a file delete operation. In addition: 

e For systems using ReFS v2, trim is disabled by default. 

e For systems using ReFS v1, trim is enabled by default. 

e For systems using NTFS, trim is enabled by default 
unless an administrator disables it. 

e If your hard disk drive or SAN reports that it doesn't 
support trim, then your hard disk drive and SANs 
don't get trim notifications. 

e Enabling or disabling doesn't require a restart. 

e Trim is effective when the next unmap command is 
issued. 

e Existing inflight IO are not impacted by the registry 
change. 

e Doesn't require any service restart when you enable or 
disable trim. 


Remarks 


e The MFT Zone is a reserved area that enables the master file table (MFT) to expand as needed to prevent 
MFT fragmentation. If the average file size on the volume is 2 KB or less, it can be beneficial to set the 
mftzone value to 2. If the average file size on the volume is 1 KB or less, it can be beneficial to set the 
mftzone value to 4. 


When disable8dot3 is set to 0, every time you create a file with a long file name, NTFS creates a second 
file entry that has an 8.3 character-length file name. When NTFS creates files in a directory, it must look up 
the 8.3 character-length file names that are associated with the long file names. This parameter updates the 
HKLM\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisable8dot3NameCreation registry 
key. 


The allowextchar parameter updates the 
HKLM\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsAllowExtendedCharacterIn8dot3Na 
me registry key. 


e Thedisablelastaccess parameter reduces the impact of logging updates to the Last Access Time stamp 
on files and directories. Disabling the Last Access Time feature improves the speed of file and directory 
access. This parameter updates the 
HKLM\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisableLastAccessUpdate registry 
key. 


Notes: 


o File-based Last Access Time queries are accurate even if all on-disk values aren't current. NTFS 
returns the correct value on queries because the accurate value is stored in memory. 


o One hour is the maximum amount of time that NTFS can defer updating Last Access Time on disk. 
If NTFS updates other file attributes such as Last Modify Time, and a Last Access Time update is 


pending, NTFS updates Last Access Time with the other updates without additional performance 
impact. 


o Thedisablelastaccess parameter can affect programs such as Backup and Remote Storage, which 


rely on this feature. 


e Increasing the physical memory doesn't always increase the amount of paged pool memory available to 
NTFS. Setting memoryusage to 2 raises the limit of paged pool memory. This might improve performance 
if your system is opening and closing many files in the same file set and is not already using large amounts 
of system memory for other apps or for cache memory. If your computer is already using large amounts of 
system memory for other apps or for cache memory, increasing the limit of NTFS paged and non-paged 
pool memory reduces the available pool memory for other processes. This might reduce overall system 
performance. This parameter updates the 
HKLM\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsMemoryUsage registry key. 


e The value specified in the mftzone parameter is an approximation of the initial size of the MFT plus the MFT 
Zone on a new volume, and it is set at mount time for each file system. As space on the volume is used, 
NTFS adjusts the space reserved for future MFT growth. If the MFT Zone is already large, the full MFT Zone 
size is not reserved again. Because the MFT Zone is based on the contiguous range past the end of the MFT, 
it shrinks as the space is used. 


The file system doesn't determine the new MFT Zone location until the current MFT Zone is completely used. 
Note that this never occurs on a typical system. 


e Some devices may experience performance degradation when the delete notification feature is turned on. In 
this case, use the disabledeletenotify option to turn off the notification feature. 


Examples 
To query for the disable 8dot3 name behavior for a disk volume specified with the GUID, (928842df-5a01-11de- 
a85c-806e6f6e6963), type: 


fsutil behavior query disable8dot3 volume{928842df-5a@1-11de-a85c -806e6f6e6963} 


You can also query the 8dot3 name behavior by using the 8dot3name subcommand. 


To query the system to see if TRIM is enabled or not, type: 


fsutil behavior query DisableDeleteNotify 


This yields an output similar to this: 


NTFS DisableDeleteNotify = 1 
ReFS DisableDeleteNotify is not currently set 


To override the default behavior for TRIM (disabledeletenotify) for ReFS v2, type: 


fsutil behavior set disabledeletenotify ReFS @ 


To override the default behavior for TRIM (disabledeletenotify) for NTFS and ReFS v1, type: 


fsutil behavior set disabledeletenotify 1 


Additional References 
e Command-Line Syntax Key 


e fsutil 


e fsutil 8dot3name 


fsutil dirty 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
10, Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows 8 


Queries or sets a volume's dirty bit. When a volume's dirty bit is set, autochk automatically checks the volume for 
errors the next time the computer is restarted. 


Syntax 


fsutil dirty {query | set} <volumepath> 


Parameters 
PARAMETER DESCRIPTION 
query Queries the specified volume's dirty bit. 
set Sets the specified volumes dirty bit. 
<volumepath> Specifies the drive name followed by a colon or GUID in the 
following format: volume{GUID} . 
Remarks 


e Avolume's dirty bit indicates that the file system may be in an inconsistent state. The dirty bit can be set 
because: 


o The volume is online and it has outstanding changes. 


o Changes were made to the volume and the computer was shut down before the changes were 
committed to the disk. 


o Corruption was detected on the volume. 


e If the dirty bit is set when the computer restarts, chkdsk runs to verify the file system integrity and to 
attempt to fix any issues with the volume. 


Examples 


To query the dirty bit on drive C, type: 


fsutil dirty query c: 


e Ifthe volume is dirty, the following output displays: Volume C: is dirty 
e Ifthe volume isn't dirty, the following output displays: Volume C: is not dirty 


To set the dirty bit on drive C, type: 


fsutil dirty set C: 


Additional References 
e Command-Line Syntax Key 


e fsutil 


fsutil file 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
10, Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows 8 


Finds a file by user name (if Disk Quotas are enabled), queries allocated ranges for a file, sets a file's short name, 
sets a file's valid data length, sets zero data for a file, or creates a new file. 


Syntax 


fsutil file [createnew] <filename> <length> 

fsutil file [findbysid] <username> <directory> 

fsutil file [optimizemetadata] [/A] <filename> 

fsutil file [queryallocranges] offset=<offset> length=<length> <filename> 
fsutil file [queryextents] [/R] <filename> [<startingvcn> [<numvcns>]] 
fsutil file [queryfileid] <filename> 

fsutil file [queryfilenamebyid] <volume> <fileid> 

fsutil file [queryoptimizemetadata] <filename> 

fsutil file [queryvaliddata] [/R] [/D] <filename> 

fsutil file [seteof] <filename> <length> 

fsutil file [setshortname] <filename> <shortname> 

fsutil file [setvaliddata] <filename> <datalength> 

fsutil file [setzerodata] offset=<offset> length=<length> <filename> 


Parameters 
PARAMETER DESCRIPTION 
createnew Creates a file of the specified name and size, with content that 
consists of zeroes. 
<length> Specifies the file's valid data length. 
findbysid Finds files that belong to a specified user on NTFS volumes 
where Disk Quotas are enabled. 
<username> Specifies the user's user name or logon name. 
<directory> Specifies the full path to the directory, for example C:\users. 
optimizemetadata This performs an immediate compaction of the metadata for a 
given file. 
/a Analyze file metadata before and after optimization. 
queryallocranges Queries the allocated ranges for a file on an NTFS volume. 


Useful for determining whether a file has sparse regions. 


offset= <offset> Specifies the start of the range that should be set to zeroes. 


PARAMETER 


length= <length> 


queryextents 


fr 


<startingvcn> 


<numvcns> 


queryfileid 


<volume> 


queryfilenamebyid 


<fileid> 


queryoptimizemetadata 


queryvaliddata 


/d 


seteof 


setshortname 


<shortname> 


setvaliddata 


<datalength> 


setzerodata 


Remarks 


DESCRIPTION 


Specifies the length of the range (in bytes). 


Queries extents for a file. 


If is a reparse point, open it rather than its target. 


Specifies first VCN to query. If omitted, start at VCN 0. 


Number of VCNs to query. If omitted or 0, query until EOF. 


Queries the file ID of a file on an NTFS volume. 


Specifies the volume as drive name followed by a colon. 


Displays a random link name for a specified file ID on an NTFS 
volume. Since a file can have more than one link name 
pointing to that file, it is not guaranteed which file link will be 
provided as a result of the query for the file name. 


Specifies the ID of the file on an NTFS volume. 


Queries the metadata state of a file. 


Queries the valid data length for a file. 


Display detailed valid data information. 


Sets the EOF of the given file. 


Sets the short name (8.3 character-length file name) for a file 
on an NTFS volume. 


Specifies the file's short name. 


Sets the valid data length for a file on an NTFS volume. 


Specifies the length of the file in bytes. 


Sets a range (specified by offset and /ength) of the file to 
zeroes, which empties the file. If the file is a sparse file, the 
underlying allocation units are decommitted. 


e in NTFS, there are two important concepts of file length: the end-of-file (EOF) marker and the Valid Data 
Length (VDL). The EOF indicates the actual length of the file. The VDL identifies the length of valid data on 
disk. Any reads between VDL and EOF automatically return 0 to preserve the C2 object reuse requirement. 


e Thesetvaliddata parameter is only available for administrators because it requires the Perform volume 


maintenance tasks (SeManageVolumePrivilege) privilege. This feature is only required for advanced 


multimedia and system area network scenarios. The setvaliddata parameter must be a positive value that 


is greater than the current VDL, but less than the current file size. 


It is useful for programs to set a VDL when: 


o Writing raw clusters directly to disk through a hardware channel. This allows the program to inform 
the file system that this range contains valid data that can be returned to the user. 


o Creating large files when performance is an issue. This avoids the time it takes to fill the file with 
zeroes when the file is created or extended. 


Examples 


To find files that are owned by scottb on drive C, type: 
fsutil file findbysid scottb c:\users 
To query the allocated ranges for a file on an NTFS volume, type: 
fsutil file queryallocranges offset=1024 length=64 c:\temp\sample.txt 
To optimize metadata for a file, type: 
fsutil file optimizemetadata C:\largefragmentedfile.txt 
To query the extents for a file, type: 
fsutil file queryextents C:\Temp\sample.txt 
To set the EOF for a file, type: 
fsutil file seteof C:\testfile.txt 1000 
To set the short name for the file, /ongfilename.txt on drive C to /ongfile.txt, type: 
fsutil file setshortname c:\longfilename.txt longfile.txt 
To set the valid data length to 4096 bytes for a file named testfile.txt on an NTFS volume, type: 
fsutil file setvaliddata c:\testfile.txt 4096 
To set a range of a file on an NTFS volume to zeros to empty it, type: 


fsutil file setzerodata offset=100 length=150 c:\temp\sample.txt 


Additional References 


e Command-Line Syntax Key 


e fsutil 


fsutil fsinfo 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
10, Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows 8 


Lists all drives, queries the drive type, queries volume information, queries NTFS-specific volume information, or 
queries file system statistics. 


Syntax 


fsutil fsinfo [drives] 

fsutil fsinfo [drivetype] <volumepath> 
fsutil fsinfo [ntfsinfo] <rootpath> 
fsutil fsinfo [statistics] <volumepath> 
fsutil fsinfo [volumeinfo] <rootpath> 


Parameters 
PARAMETER DESCRIPTION 
drives Lists all drives in the computer. 
drivetype Queries a drive and lists its type, for example CD-ROM drive. 
ntfsinfo Lists NTFS specific volume information for the specified 
volume, such as the number of sectors, total clusters, free 
clusters, and the start and end of the MFT Zone. 
sectorinfo Lists information about the hardware's sector size and 
alignment. 
statistics Lists file system statistics for the specified volume, such as 
metadata, log file, and MFT reads and writes. 
volumeinfo Lists information for the specified volume, such as the file 
system, and whether the volume supports case-sensitive file 
names, unicode in file names, disk quotas, or is a DirectAccess 
(DAX) volume. 
<volumepath>: Specifies the drive letter (followed by a colon). 
<rootpath>: Specifies the drive letter (followed by a colon) of the root 
drive. 
Examples 


To list all of the drives in the computer, type: 


fsutil fsinfo drives 


Output similar to the following displays: 


Drives: AN CA DEN EGN 


To query the drive type of drive C, type: 


fsutil fsinfo drivetype c: 


Possible results of the query include: 


Unknown Drive 

No such Root Directory 

Removable Drive, for example floppy 
Fixed Drive 

Remote/Network Drive 

CD-ROM Drive 

Ram Disk 


To query the volume information for volume E, type: 


fsinfo volumeinfo e:\ 


Output similar to the following displays: 


Volume Name : Volume 
Serial Number : Øxdøb634d9 
Max Component Length : 255 
File System Name : NTFS 
Supports Named Streams 

Is DAX Volume 


To query drive F for NTFS-specific volume information, type: 


fsutil fsinfo ntfsinfo f: 


Output similar to the following displays: 


NTFS Volume Serial Number : Øxe66Ød46a6Ød442cb 
Number Sectors : Øx0000000001Øea94f 

Total Clusters : Øx000000000021d409 

Mft Zone End : 9x0000000000004700 


To query the file system's underlying hardware for sector information, type: 


fsinfo sectorinfo d: 


Output similar to the following displays: 


D:\>fsutil fsinfo sectorinfo d: 
LogicalBytesPerSector : 4096 
PhysicalBytesPerSectorForAtomicity : 4096 
Trim Not Supported 

DAX capable 


To query the file system statistics for drive E, type: 


fsinfo statistics e: 
Output similar to the following displays: 


File System Type : NTFS 
Version : 1 

UserFileReads : 75021 
UserFileReadBytes : 1305244512 
LogFileWriteBytes : 180936704 


Additional References 


e Command-Line Syntax Key 


e fsutil 


fsutil hardlink 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
10, Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows 8 


Creates a hard link between an existing file and a new file. A hard link is a directory entry for a file. Every file can be 
considered to have at least one hard link. 


On NTFS volumes, each file can have multiple hard links, so a single file can appear in many directories (or even in 
the same directory with different names). Because all of the links reference the same file, programs can open any 
of the links and modify the file. A file is deleted from the file system only after all links to it have been deleted. After 
you create a hard link, programs can use it like any other file name. 


Syntax 


fsutil hardlink create <newfilename> <existingfilename> 
fsutil hardlink list <filename> 


Parameters 
PARAMETER DESCRIPTION 
create Establishes an NTFS hard link between an existing file and a 
new file. (An NTFS hard link is similar to a POSIX hard link.) 
<newfilename> Specifies the file that you want to create a hard link to. 
<existingfilename> Specifies the file that you want to create a hard link from. 
list Lists the hard links to filename. 


Additional References 
e Command-Line Syntax Key 


e fsutil 


fsutil objectid 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
10, Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows 8 


Manages object identifiers (OIDs), which are internal objects used by the Distributed Link Tracking (DLT) Client 
service and File Replication Service (FRS), to track other objects such as files, directories, and links. Object 
identifiers are invisible to most programs and should never be modified. 





WARNING 


Don't delete, set, or otherwise modify an object identifier. Deleting or setting an object identifier can result in the loss of data 
from portions of a file, up to and including entire volumes of data. In addition, you might cause adverse behavior in the 
Distributed Link Tracking (DLT) Client service and File Replication Service (FRS). 





Syntax 


fsutil objectid [create] <filename> 
fsutil objectid [delete] <filename> 
fsutil objectid [query] <filename> 
fsutil objectid [set] <objectID> <birthvolumeID> <birthobjectID> <domainID> <filename> 


Parameters 
PARAMETER DESCRIPTION 
create Creates an object identifier if the specified file does not already 
have one. If the file already has an object identifier, this 
subcommand is equivalent to the query subcommand. 
delete Deletes an object identifier. 
query Queries an object identifier. 
set Sets an object identifier. 
<objectID> Sets a file-specific 16 byte hexadecimal identifier that is 
guaranteed to be unique within a volume. The object identifier 
is used by the Distributed Link Tracking (DLT) Client service 
and the File Replication Service (FRS) to identify files. 
<birthvolumeID> Indicates the volume on which the file was located when it 
first obtained an object identifier This value is a 16-byte 
hexadecimal identifier that is used by the DLT Client service. 
<birthobjectID> Indicates the file's original object identifier (The object/D may 


change when a file is moved). This value is a 16-byte 
hexadecimal identifier that is used by the DLT Client service. 


PARAMETER DESCRIPTION 


«domainID> 16-byte hexadecimal domain identifier. This value isn't 
currently used and must be set to all zeros. 


<filename> Specifies the full path to the file including the file name and 
extension, for example C:\documents\filename txt. 


Remarks 


e Any file that has an object identifier also has a birth volume identifier, a birth object identifier, and a domain 
identifier. When you move a file, the object identifier may change, but the birth volume and birth object 
identifiers remain the same. This behavior enables the Windows operating system to always find a file, no 
matter where it has been moved. 


Examples 


To create an object identifier, type: 

fsutil objectid create c:\temp\sample.txt 
To delete an object identifier, type: 

fsutil objectid delete c:\temp\sample.txt 
To query an object identifier, type: 

fsutil objectid query c:\temp\sample.txt 


To set an object identifier, type: 


fsutil objectid set 40dff02Fc9b4d4118F120090273Fa9Fc f86ad6865Fe8d21183910008c709d19e 
40dff02Fc9b4d4118F120090273Fa9Fc 90000000000000000000000000000000 c:\temp\sample.txt 


Additional References 
e Command-Line Syntax Key 


e fsutil 


fsutil quota 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
10, Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows 8 


Manages disk quotas on NTFS volumes to provide more precise control of network-based storage. 


Syntax 


fsutil quota [disable] <volumepath> 

fsutil quota [enforce] <volumepath> 

fsutil quota [modify] <volumepath> <threshold> <limit> <username> 
fsutil quota [query] <volumepath> 

fsutil quota [track] <volumepath> 

fsutil quota [violations] 


Parameters 
PARAMETER DESCRIPTION 
disable Disables quota tracking and enforcement on the specified 
volume. 
enforce Enforces quota usage on the specified volume. 
modify Modifies an existing disk quota or creates a new quota. 
query Lists existing disk quotas. 
track Tracks disk usage on the specified volume. 
violations Searches the system and application logs and displays a 
message to indicate that quota violations have been detected 
or that a user has reached a quota threshold or quota limit. 
<volumepath> Required. Specifies the drive name followed by a colon or the 
GUID in the format volume{GUID} . 
<threshold> Sets the limit (in bytes) at which warnings are issued. This 
parameter is required for the fsutil quota modify 
command. 
<limit> Sets the maximum allowed disk usage (in bytes). This 
parameter is required for the fsutil quota modify 
command. 
<username> Specifies the domain or user name. This parameter is required 


for the fsutil quota modify command. 


Remarks 


e Disk quotas are implemented on a per-volume basis, and they enable both hard and soft storage limits to be 


implemented on a per-user basis. 


e You can use write scripts that use fsutil quota to set the quota limits every time you add a new user or to 
automatically track quota limits, compile them into a report, and automatically send them to the system 


administrator in e-mail. 
Examples 
To list existing disk quotas for a disk volume that is specified with the GUID, {928842df-5a01-11de-a85c- 
806e6f6e6963}, type: 

fsutil quota query volume{928842df-5a01-11de-a85c -806e6f6e6963} 


To list existing disk quotas for a disk volume that is specified with the drive letter, C:, type: 


fsutil quota query C: 


Additional References 


e Command-Line Syntax Key 


e fsutil 


fsutil repair 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
10, Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows 8 


Administers and monitors NTFS self-healing repair operations. Self-healing NTFS attempts to correct corruptions 


of the NTFS file system online, without requiring Chkdsk.exe to be run. For more information, see Self-healing 


NTFS. 


Syntax 


fsutil repair [enumerate] <volumepath> [<logname>] 
fsutil repair [initiate] <volumepath> <filereference> 
fsutil repair [query] <volumepath> 

fsutil repair [set] <volumepath> <flags> 

fsutil repair [wait][<waittype>] <volumepath> 


Parameters 


PARAMETER 
enumerate 


<logname> 


initiate 


<filereference> 


query 
set 


<flags> 


state 


DESCRIPTION 


Enumerates the entires of a volume's corruption log. 


Can be $corrupt , the set of confirmed corruptions in the 
volume or $verify , a set of potential, unverified corruptions 
in the volume. 


Initiates NTFS self-healing. 


Specifies the NTFS volume-specific file ID (file reference 
number). The file reference includes the segment number of 
the file. 


Queries the self-healing state of the NTFS volume. 


Sets the self-healing state of the volume. 


Specifies the repair method to be used when setting the self- 
healing state of the volume. 


This parameter can be set to three values: 


e 0x01 - Enables general repair. 
© 0x09 - Warns about potential data loss without repair. 
© 0x00 - Disables NTFS self-healing repair operations. 


Queries the corruption state of the system or for a given 
volume. 


PARAMETER 


wait 


[waittype {0|1}] 


Examples 


To enumerate the confirmed corruptions of a volume, type: 


fsutil repair enumerate C: $Corrupt 

To enable self-healing repair on drive C, type: 
fsutil repair set c: 1 

To disable self-healing repair on drive C, type: 


fsutil repair set c: @ 


Additional References 
e Command-Line Syntax Key 
e fsutil 


e Self-healing NTFS 


DESCRIPTION 


Waits for repair(s) to complete. If NTFS has detected a 
problem on a volume on which it is performing repairs, this 
option allows the system to wait until the repair is complete 
before it runs any pending scripts. 


Indicates whether to wait for the current repair to complete or 
to wait for all repairs to complete. The waittype parameter can 
be set to the following values: 

© 0 - Waits for all repairs to complete. (default value) 

e 1 - Waits for the current repair to complete. 


fsutil reparsepoint 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
10, Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows 8 


Queries or deletes reparse points. The fsutil reparsepoint command is typically used by support professionals. 


Reparse points are NTFS file system objects that have a definable attribute, which contains user-defined data. 
They're used to: 


e Extend functionality in the input/output (I/O) subsystem. 
e Actas directory junction points and volume mount points. 


e Mark certain files as special to a file system filter driver. 


Syntax 


fsutil reparsepoint [query] <filename> 
fsutil reparsepoint [delete] <filename> 


Parameters 
PARAMETER DESCRIPTION 
query Retrieves the reparse point data that is associated with the file 
or directory identified by the specified handle. 
delete Deletes a reparse point from the file or directory that is 
identified by the specified handle, but does not delete the file 
or directory. 
<filename> Specifies the full path to the file including the file name and 
extension, for example C:\documents\ filename txt. 
Remarks 


e When a program sets a reparse point, it stores this data, plus a reparse tag, which uniquely identifies the data it 
is storing. When the file system opens a file with a reparse point, it attempts to find the associated file system 
filter. If the file system filter is found, the filter processes the file as directed by the reparse data. If no file system 
filter is found, the File open operation fails. 


Examples 


To retrieve reparse point data associated with c'|server, type: 


fsutil reparsepoint query c:\server 


To delete a reparse point from a specified file or directory, use the following format: 


fsutil reparsepoint delete c:\server 


Additional References 
e Command-Line Syntax Key 


e fsutil 


util resource 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
10, Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows 8 


Creates a Secondary Transactional Resource Manager, starts or stops a Transactional Resource Manager, or displays 
information about a Transactional Resource Manager, and modifies the following behavior: 


e Whether a default Transactional Resource Manager cleans its transactional metadata at the next mount. 
e The specified Transactional Resource Manager to prefer consistency over availability. 
e The specified Transaction Resource Manager to prefer availability over consistency. 


e The characteristics of a running Transactional Resource Manager. 


Syntax 


fsutil resource [create] <rmrootpathname> 

fsutil resource [info] <rmrootpathname> 

fsutil resource [setautoreset] {true|false} <Defaultrmrootpathname> 

fsutil resource [setavailable] <rmrootpathname> 

fsutil resource [setconsistent] <rmrootpathname> 

fsutil resource [setlog] [growth {<containers> containers|<percent> percent} <rmrootpathname>] [maxextents 
<containers> <rmrootpathname>] [minextents <containers> <rmrootpathname>] [mode (full|undo) <rmrootpathname>] 
[rename <rmrootpathname>] [shrink <percent> <rmrootpathname>] [size <containers> <rmrootpathname> ] 

fsutil resource [start] <rmrootpathname> [<rmlogpathname> <tmlogpathname> 

fsutil resource [stop] <rmrootpathname> 


Parameters 
PARAMETER DESCRIPTION 
create Creates a secondary Transactional Resource Manager. 
<rmrootpathname> Specifies the full path to a Transactional Resource Manager 

root directory. 

info Displays the specified Transactional Resource Manager's 
information. 

setautoreset Specifies whether a default Transactional Resource Manager 


will clean the transactional metadata on the next mount. 

e true - Specifies that the Transaction Resource Manager 
will clean the transactional metadata on the next 
mount, by default. 

e false - Specifies that the Transaction Resource 
Manager will not clean the transactional metadata on 
the next mount, by default. 


<defaultrmrootpathname> Specifies the drive name followed by a colon. 


PARAMETER 


setavailable 


setconsistent 


setlog 


growth 


<containers> 


maxextent 


minextent 


mode {full]undo} 


rename 


shrink 


size 


start 


stop 


Examples 


DESCRIPTION 


Specifies that a Transactional Resource Manager will prefer 
availability over consistency. 


Specifies that a Transactional Resource Manager will prefer 
consistency over availability. 


Changes the characteristics of a Transactional Resource 
Manager that is already running. 


Specifies the amount by which the Transactional Resource 
Manager log can grow. 


The growth parameter can be specified as follows: 


e Number of containers, using the format: 


<containers> containers 


e Percentage, using the format: <percent> percent 


Specifies the data objects that are used by the Transactional 
Resource Manager. 


Specifies the maximum number of containers for the specified 
Transactional Resource Manager. 


Specifies the minimum number of containers for the specified 
Transactional Resource Manager. 


Specifies whether all transactions are logged ( full) or only 
rolled back events are logged (undo). 


Changes the GUID for the Transactional Resource Manager. 


Specifies percentage by which the Transactional Resource 
Manager log can automatically decrease. 


Specifies the size of the Transactional Resource Manager as a 
specified number of containers. 


Starts the specified Transactional Resource Manager. 


Stops the specified Transactional Resource Manager. 


To set the log for the Transactional Resource Manager that is specified by c:\tes¢ to have an automatic growth of 


five containers, type: 


fsutil resource setlog growth 5 containers c:test 


To set the log for the Transactional Resource Manager that is specified by c:\tes¢ to have an automatic growth of 


two percent, type: 


fsutil resource setlog growth 2 percent c:test 


To specify that the default Transactional Resource Manager will clean the transactional metadata on the next mount 
on drive C, type: 


fsutil resource setautoreset true c:N 


Additional References 
e Command-Line Syntax Key 
e fsutil 


e Transactional NTFS 


fsutil sparse 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
10, Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows 8 


Manages sparse files. A sparse file is a file with one or more regions of unallocated data in it. 


A program sees these unallocated regions as containing bytes with a zero value and that there's no disk space 
representing these zeros. When a sparse file is read, allocated data is returned as stored, and unallocated data is 
returned, by default, as zeros, in accordance with the C2 security requirement specification. Sparse file support 
allows data to be deallocated from anywhere in the file. 


Syntax 


fsutil sparse [queryflag] <filename> 

fsutil sparse [queryrange] <filename> 

fsutil sparse [setflag] <filename> 

fsutil sparse [setrange] <filename> <beginningoffset> <length> 


Parameters 
PARAMETER DESCRIPTION 
queryflag Queries sparse. 
queryrange Scans a file and searches for ranges that may contain nonzero 
data. 
setflag Marks the indicated file as sparse. 
setrange Fills a specified range of a file with zeros. 
<filename> Specifies the full path to the file including the file name and 
extension, for example C:\documents\filename txt. 
<beginningoffset> Specifies the offset within the file to mark as sparse. 
<length> Specifies the length of the region in the file to be marked as 
sparse (in bytes). 
Remarks 


e All meaningful or nonzero data is allocated, whereas all non-meaningful data (large strings of data that is 
composed of zeros) is not allocated. 


e In a sparse file, large ranges of zeroes may not require disk allocation. Space for nonzero data is allocated as 
needed when the file is written. 


e Only compressed or sparse files can have zeroed ranges known to the operating system. 


e If the file is sparse or compressed, NTFS may de-allocate disk space within the file. This sets the range of 


bytes to zeroes without extending the file size. 


Examples 


To mark a file named sample.txtin the c:\temp directory as sparse, type: 


fsutil sparse setflag c:\temp\sample.txt 
Additional References 


e Command-Line Syntax Key 


e fsutil 


fsutil tiering 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
10 


Enables management of storage tier functions, such as setting and disabling flags and listing of tiers. 


Syntax 


fsutil tiering [clearflags] <volume> <flags> 
fsutil tiering [queryflags] <volume> 

fsutil tiering [regionlist] <volume> 

fsutil tiering [setflags] <volume> <flags> 
fsutil tiering [tierlist] <volume> 


Parameters 
PARAMETER DESCRIPTION 
clearflags Disables the tiering behavior flags of a volume. 
<volume> Specifies the volume. 
/trnh For volumes with tiered storage, causes Heat gathering to be 
disabled. 
Applies to NTFS and ReFS only. 
queryflags Queries the tiering behavior flags of a volume. 
regionlist Lists the tiered regions of a volume and their respective 
storage tiers. 
setflags Enables the tiering behavior flags of a volume. 
tierlist Lists the storage tiers associated with a volume. 
Examples 


To query the flags on volume C, type: 


fsutil tiering queryflags C: 


To set the flags on volume C, type: 


fsutil tiering setflags C: /trnh 


To clear the flags on volume C, type: 


fsutil tiering clearflags C: /trnh 

To list the regions of volume C and their respective storage tiers, type: 
fsutil tiering regionlist C: 

To list the tiers of volume C, type: 


fsutil tiering tierlist C: 


Additional References 
e Command-Line Syntax Key 


e fsutil 


fsutil transaction 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
10, Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows 8 


Manages NTFS transactions. 


Syntax 


fsutil transaction [commit] <GUID> 

fsutil transaction [fileinfo] <filename> 

fsutil transaction [list] 

fsutil transaction [query] [{files | all}] <GUID> 
fsutil transaction [rollback] <GUID> 


Parameters 


PARAMETER 


commit 


<GUID> 
fileinfo 

<filename> 
list 


query 


rollback 


Examples 


To display transaction information for file c:\testixt type: 


fsutil transaction fileinfo c:\test.txt 


Additional References 


e Command-Line Syntax Key 


DESCRIPTION 


Marks the end of a successful implicit or explicit specified 
transaction. 


Specifies the GUID value that represents a transaction. 


Displays transaction information for the specified file. 


Specifies full path and file name. 


Displays a list of currently running transactions. 


Displays information for the specified transaction. 

e |f fsutil transaction query files is specified, the 
file information is displayed only for the specified 
transaction. 


e |f fsutil transaction query all is specified, all 
information for the transaction will be displayed. 


Rolls back a specified transaction to the beginning. 


e fsutil 


e Transactional NTFS 


fsutil usn 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
10, Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows 8 


Manages the update sequence number (USN) change journal. The USN change journal provides a persistent log of 
all changes made to files on the volume. As files, directories, and other NTFS objects are added, deleted, and 
modified, NTFS enters records into the USN change journal, one for each volume on the computer. Each record 
indicates the type of change and the object changed. New records are appended to the end of the stream. 


Syntax 


fsutil usn [createjournal] m=<maxsize> a=<allocationdelta> <volumepath> 

fsutil usn [deletejournal] (/d | /n) <volumepath> 

fsutil usn [enablerangetracking] <volumepath> [options] 

fsutil usn [enumdata] <fileref> <lowUSN> <highUSN> <volumepath> 

fsutil usn [queryjournal] <volumepath> 

fsutil usn [readdata] <filename> 

fsutil usn [readjournal] [c= <chunk-size> s=<file-size-threshold>] <volumepath> 


Parameters 


PARAMETER DESCRIPTION 
createjournal Creates a USN change journal. 


m= <maxsize> Specifies the maximum size, in bytes, that NTFS allocates for 
the change journal. 


a= <allocationdelta> Specifies the size, in bytes, of memory allocation that is added 
to the end and removed from the beginning of the change 
journal. 


<volumepath> Specifies the drive letter (followed by a colon). 


deletejournal Deletes or disables an active USN change journal. 


CAUTION: Deleting the change journal impacts the File 
Replication Service (FRS) and the Indexing Service, because 
it requires these services to perform a complete (and 
time-consuming) scan of the volume. This in turn 
negatively impacts FRS SYSVOL replication and replication 
between DFS link alternates while the volume is being 
rescanned. 


/d Disables an active USN change journal, and returns 
input/output (I/O) control while the change journal is being 
disabled. 


/n Disables an active USN change journal and returns I/O control 
only after the change journal is disabled. 


PARAMETER 


enablerangetracking 


c= <chunk-size> 


S= <file-size-threshold> 


enumdata 


<fileref> 


< lowUSN> 


<highUSN> 


queryjournal 


readdata 


<filename> 


readjournal 


minver= <number> 


maxver= <number> 


startusn= <USN number> 


Remarks 


DESCRIPTION 


Enables USN write range tracking for a volume. 


Specifies the chunk size to track on a volume. 


Specifies the file size threshold for range tracking. 


Enumerates and lists the change journal entries between two 
specified boundaries. 


Specifies the ordinal position within the files on the volume at 
which the enumeration is to begin. 


Specifies the lower boundary of the range of USN values used 
to filter the records that are returned. Only records whose last 
change journal USN is between or equal to the /owU/SN and 
highUSN member values are returned. 


Specifies the upper boundary of the range of USN values used 
to filter the files that are returned. 


Queries a volume's USN data to gather information about the 
current change journal, its records, and its capacity. 


Reads the USN data for a file. 


Specifies the full path to the file, including the file name and 
extension For example: C:\documents\filename txt. 


Reads the USN records in the USN journal. 


Minimum Major Version of USN_RECORD to return. Default = 
2. 


Maximum Major Version of USN_RECORD to return. Default = 
4. 


USN to start reading the USN journal from. Default = 0. 


e Programs can consult the USN change journal to determine all the modifications made to a set of files. The 


USN change journal is much more efficient than checking time stamps or registering for file notifications. 


The USN change journal is enabled and used by the Indexing Service, File Replication Service (FRS), Remote 


Installation Services (RIS), and Remote Storage. 


e If achange journal already exists on a volume, the createjournal parameter updates the change journal's 


maxsize and allocationdelta parameters. This enables you to expand the number of records that an active 


journal maintains without having to disable it. 


The change journal can grow larger than this target value, but the change journal is truncated at the next 


NTFS checkpoint to less than this value. NTFS examines the change journal and trims it when its size 


exceeds the value of maxsize plus the value of allocationdelta. At NTFS checkpoints, the operating system 


writes records to the NTFS log file that enable NTFS to determine what processing is required to recover 


from a failure. 


e The change journal can grow to more than the sum of the values of maxsize and allocationdelta before 
being trimmed. 


e Deleting or disabling an active change journal is very time consuming, because the system must access all 
the records in the master file table (MFT) and set the last USN attribute to 0 (zero). This process can take 
several minutes, and it can continue after the system restarts, if a restart is necessary. During this process, 
the change journal is not considered active, nor is it disabled. While the system is disabling the journal, it 
cannot be accessed, and all journal operations return errors. You should use extreme care when disabling an 
active journal, because it adversely affects other applications that are using the journal. 


Examples 


To create a USN change journal on drive C, type: 
fsutil usn createjournal m=1Ø09 a=109 c: 

To delete an active USN change journal on drive C, type: 
fsutil usn deletejournal /d c: 

To enable range tracking with a specified chunk-size and file-size-threshold, type: 
fsutil usn enablerangetracking c=16384 s=67108864 C: 

To enumerate and list the change journal entries between two specified boundaries on drive C, type: 
fsutil usn enumdata 1 Ø 1 c: 

To query USN data for a volume on drive C, type: 
fsutil usn queryjournal c: 

To read the USN data for a file in the (Temp folder on drive C, type: 
fsutil usn readdata c:\temp\sample.txt 

To read the USN journal with a specific start USN, type: 


fsutil usn readjournal startusn=ØxFØ9 


Additional References 
e Command-Line Syntax Key 


e fsutil 


fsutil volume 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
10, Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows 8 


Dismounts a volume, or queries the hard disk drive to determine how much free space is currently available on the 
hard disk drive or which file is using a particular cluster. 


Syntax 


fsutil volume [allocationreport] <volumepath> 

fsutil volume [diskfree] <volumepath> 

fsutil volume [dismount] <volumepath> 

fsutil volume [filelayout] <volumepath> <fileID> 

fsutil volume [list] 

fsutil volume [querycluster] <volumepath> <cluster> [<cluster>] .. .. 


Parameters 
PARAMETER DESCRIPTION 
allocationreport Displays information about how storage is used on a given 
volume. 
<volumepath> Specifies the drive letter (followed by a colon). 
diskfree Queries the hard disk drive to determine the amount of free 
space on it. 
dismount Dismounts a volume. 
filelayout Displays NTFS metadata for the given file. 
<fileID> Specifies the file id. 
list Lists all of the volumes on the system. 
querycluster Finds which file is using a specified cluster. You can specify 
multiple clusters with the querycluster parameter. 
<cluster> Specifies the logical cluster number (LCN). 
Examples 


To display an allocated clusters report, type: 


fsutil volume allocationreport C: 


To dismount a volume on drive C, type: 


fsutil volume dismount c: 


To query the amount of free space of a volume on drive C, type: 


fsutil volume diskfree c: 


To display all the information about a specified file(s), type: 


fsutil volume C: * 
fsutil volume C:\Windows 
fsutil volume C: 0x00040000000001bf 


To list the volumes on disk, type: 


fsutil volume list 


To find the file(s) that are using the clusters, specified by the logical cluster numbers 50 and 0x2000, on drive C, 
type: 


fsutil volume querycluster C: 50 Øx2000 


Additional References 


e Command-Line Syntax Key 
e fsutil 


e How NTFS Works 


fsutil wim 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


10 


Provides functions to discover and manage Windows Image (WIM)-backed files. 


Syntax 


fsutil wim [enumfiles] <drive name> <data source> 
fsutil wim [enumwims] <drive name> 
fsutil wim [queryfile] <filename> 
fsutil wim [removewim] <drive name> <data source> 


Parameters 


PARAMETER 
enumfiles 


<drive name> 
<data source> 
enumwims 


queryfile 


<filename> 
removewim 


Examples 


To enumerate the files for drive C: from data source 0, type: 


fsutil wim enumfiles C: @ 


To enumerate backing WIM files for drive C:, type: 


fsutil wim enumwims C: 


To see if a file is backed by WIM, type: 


fsutil wim C:\Windows\Notepad.exe 


DESCRIPTION 


Enumerates WIM backed files. 


Specifies the drive name. 


Specifies the data source. 


Enumerates backing WIM files. 


Queries if the file is backed by WIM, and if so, displays details 
about the WIM file. 


Specifies the filename. 


Removes a WIM from backing files. 


To remove the WIM from backing files for volume C: and data source 2, type: 


fsutil wim removewims C: 2 


Additional References 
e Command-Line Syntax Key 


e fsutil 


ftp 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Transfers files to and from a computer running a File Transfer Protocol (ftp) server service. This command can be 
used interactively or in batch mode by processing ASCII text files. 


Syntax 


ftp [-v] [-d] [-i] [-n] [-g] [-s:<filename>] [-a] [-A] [-x:<sendbuffer>] [-r:<recvbuffer>] [-b:<asyncbuffers>] 
[-w:<windowssize>][<host>] [-?] 


Parameters 

PARAMETER DESCRIPTION 

-v Suppresses display of remote server responses. 

-d Enables debugging, displaying all commands passed between 
the FTP client and FTP server. 

-i Disables interactive prompting during multiple file transfers. 

-n Suppresses auto-login upon initial connection. 

-g Disables file name globbing. Glob permits the use of the 
asterisk (*) and question mark (?) as wildcard characters in 
local file and path names. 

-s: <filename> Specifies a text file that contains ftp commands. These 
commands run automatically after ftp starts. This parameter 
allows no spaces. Use this parameter instead of redirection ( 

< ). Note: In Windows 8 and Windows Server 2012 or later 
operating systems, the text file must be written in UTF-8. 

-a Specifies that any local interface can be used when binding the 
ftp data connection. 

-A Logs onto the ftp server as anonymous. 

-X: <sendbuffer> Overrides the default SO_SNDBUF size of 8192. 

-r: <recvbuffer> Overrides the default SO_RCVBUF size of 8192. 


-b: <asyncbuffers> Overrides the default async buffer count of 3. 


PARAMETER DESCRIPTION 


-W: <windowssize> Specifies the size of the transfer buffer. The default window size 
is 4096 bytes. 


<host> Specifies the computer name, IP address, or IPv6 address of 
the ftp server to which to connect. The host name or address, 
if specified, must be the last parameter on the line. 


Displays help at the command prompt. 


Remarks 


e The ftp command-line parameters are case-sensitive. 


e This command is available only if the Internet Protocol (TCP/IP) protocol is installed as a component in 
the properties of a network adapter in Network Connections. 


e Theftp command can be used interactively. After it is started, ftp creates a sub-environment in which you 
can use ftp commands. You can return to the command prompt by typing the quit command. When the ftp 
sub-environment is running, it is indicated by the ftp > command prompt. For more information, see the 
ftp commands. 


e The ftp command supports the use of IPv6 when the IPv6 protocol is installed. 


Examples 


To log on to the ftp server named ftp.example.microsoft.com , type: 


ftp ftp.example.microsoft.com 


To log on to the ftp server named ftp.example.microsoft.com and run the ftp commands contained in a file named 
resync.txt type: 


ftp -s:resync.txt ftp.example.microsoft.com 


Additional References 


e Command-Line Syntax Key 


Additional FTP guidance 


IP version 6 


IPv6 applications 


ftp append 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Appends a local file to a file on the remote computer using the current file type setting. 


Syntax 


append <localfile> [remotefile] 


Parameters 
PARAMETER DESCRIPTION 
<localfile> Specifies the local file to add. 

[remotefile] Specifies the file on the remote computer to which is added. If 
you don't use this parameter, the <localfile> name is used 
in place of the remote file name. 

Examples 


To append file7.txtto file2.txt on the remote computer, type: 
append file1.txt file2.txt 
To append the local fi/e7.txtto a file named fi/e7.txt on the remote computer. 


append file1.txt 


Additional References 
e Command-Line Syntax Key 


e Additional FTP guidance 


ftp ascii 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Sets the file transfer type to ASCII. The ftp command supports both ASCII (default) and binary image file transfer 
types, but we recommend using ASCII when transferring text files. In ASCII mode, character conversions to and 
from the network standard character set are performed. For example, end-of-line characters are converted as 
necessary, based on the target operating system. 


Syntax 


Examples 


To set the file transfer type to ASCII, type: 


ascii 


Additional References 


e Command-Line Syntax Key 
e ftp binary command 


e Additional FTP guidance 


ftp bell 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Toggles an audible sound to occur after each file transfer command is completed. By default, this command is 
toggled off. 


Syntax 


bell 


Examples 


To toggle an audible sound to occur after each file transfer command is completed, type: 


bell 


Additional References 
e Command-Line Syntax Key 


e Additional FTP guidance 


ftp binary 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Sets the file transfer type to binary. The ftp command supports both ASCII (default) and binary image file transfer 
types, but we recommend using binary when transferring executable files. In binary mode, files are transferred in 
one-byte units. 


Syntax 


binary 


Examples 


To set the file transfer type to binary, type: 


binary 


Additional References 
e Command-Line Syntax Key 
e ftp ascii command 


e Additional FTP guidance 


ftp bye 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Ends the ftp session on the remote computer, and then exits. 





NOTE 


This command is the same as the ftp quit command. 








Syntax 


bye 


Examples 


To end the ftp session with the remote computer and exit, type: 


bye 


Additional References 
e Command-Line Syntax Key 
e ftp quit command 


e Additional FTP guidance 


ftp cd 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Changes the working directory on the remote computer. 


Syntax 


cd <remotedirectory> 


Parameters 
PARAMETER DESCRIPTION 
Specifies the directory on the remote computer to which you 
want to change. 
Examples 


To change the directory on the remote computer to Docs, type: 
cd Docs 
To change the directory on the remote computer to May Videos, type: 


cd May Videos 


Additional References 
e Command-Line Syntax Key 


e Additional FTP guidance 


ftp close 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Ends the ftp session with the remote server and remains at the prompt. 


Syntax 


close 





Examples 





To end the ftp session with the remote server and remain at the ftp> prompt, type: 


close 


Additional References 











e Command-Line Syntax Key 


e Additional FTP guidance 


ftp debug 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Toggles Debugging mode. By default, Debugging mode is turned off. If Debugging mode is turned on, you'll see 
each command sent to the remote computer, preceeded by the > character. 


Syntax 


debug 


Examples 


To toggle debug mode on and off, type: 


debug 


Additional References 
e Command-Line Syntax Key 


e Additional FTP guidance 


ftp delete 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Deletes files on remote computers. 


Syntax 


delete <remotefile> 


Parameters 
PARAMETER DESCRIPTION 
<remotefile> Specifies the file to delete. 
Examples 


To delete the test.txt file on the remote computer, type: 


delete test.txt 


Additional References 


e Command-Line Syntax Key 


e Additional FTP guidance 


ftp dir 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Displays a list of directory files and subdirectories on a remote computer. 


Syntax 


dir [<remotedirectory>] [<localfile>] 


Parameters 
PARAMETER DESCRIPTION 
[<remotedirectory>] Specifies the directory for which you want to see a listing. If no 
directory is specified, the current working directory on the 
remote computer is used. 
[<localfile>] Specifies a local file in which to store the directory listing. If a 
local file is not specified, results are displayed on the screen. 
Examples 


To display a directory listing for dir7 on the remote computer, type: 
dir diri 
To save a list of the current directory on the remote computer in the local file dirlist.txt, type: 


dict dirliet.txt 


Additional References 
e Command-Line Syntax Key 


e Additional FTP guidance 


ftp disconnect 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Disconnects from the remote computer and remains at the ftp> prompt. 





Syntax 


disconnect 





Examples 


To disconnect from the remote computer and remains at the ftp> prompt, type: 


disconnect 


Additional References 
e Command-Line Syntax Key 


e Additional FTP guidance 


ftp get 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Copies a remote file to the local computer using the current file transfer type. 





NOTE 


This command is the same as the ftp recv command. 





Syntax 


get <remotefile> [<localfile>] 


Parameters 
PARAMETER DESCRIPTION 

<remotefile> Specifies the remote file to copy. 

[<localfile>] Specifies the name of the file to use on the local computer. If 
localfile isn't specified, the file is given the name of the 
remotefile. 

Examples 


To copy testtxtto the local computer using the current file transfer, type: 
get test.txt 
To copy testtxtto the local computer as test7.txt using the current file transfer, type: 


get test.txt test1l.txt 


Additional References 


e Command-Line Syntax Key 


ftp recv command 


ftp ascii command 


ftp binary command 


Additional FTP guidance 


ftp glob 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Toggles allowing wildcard expansion for local file names. By default, globbing (wildcard expansion) is turned on. If 


globbing is turned on, you'll be able to use the asterisk (*) and question mark (?) as wildcard characters in local file 
or path names. 


Syntax 


glob 


Examples 


To toggle whether to allow wildcard expansion of local file names, type: 


glob 


Additional References 
e Command-Line Syntax Key 


e Additional FTP guidance 


ftp hash 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Toggles number sign (#) printing for each transferred data block. By default, the hash command is turned off. The 
size of a data block is 2048 bytes. 


Syntax 


hash 


Examples 


To toggle number sign (#) printing for each data block that is transferred, type: 


hash 


Additional References 
e Command-Line Syntax Key 


e Additional FTP guidance 


ftp lcd 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Changes the working directory on the local computer. By default, the working directory is the directory in which 
the ftp command was started. 


Syntax 


lcd [<directory>] 


Parameters 
PARAMETER DESCRIPTION 
[<directory>] Specifies the directory on the local computer to which to 
change. If directory isn't specified, the current working 
directory is changed to the default directory. 
Examples 


To change the working directory on the local computer to c:\d/r7, type: 


Ved e:Ndir1 


Additional References 
e Command-Line Syntax Key 


e Additional FTP guidance 


ftp literal 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 


Sends verbatim arguments to the remote ftp server. A single ftp reply code is returned. 





NOTE 


This command is the same as the ftp quote command. 





Syntax 


literal <argument> [ ] 


Parameters 


PARAMETER 


<argument> 


Examples 


To send a quit command to the remote ftp server, type: 


literal quit 


Additional References 


e Command-Line Syntax Key 
e ftp quote command 


e Additional FTP guidance 


DESCRIPTION 


Specifies the argument to send to the ftp server. 


ftp Is 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Displays an abbreviated list of files and subdirectories from the remote computer. 


Syntax 


ls [<remotedirectory>] [<localfile>] 


Parameters 
PARAMETER DESCRIPTION 
[<remotedirectory>] Specifies the directory for which you want to see a listing. If no 
directory is specified, the current working directory on the 
remote computer is used. 
[<localfile>] Specifies a local file in which to store the listing. If a local file is 
not specified, results are displayed on the screen. 
Examples 


To display an abbreviated list of files and subdirectories from the remote computer, type: 


1s 


To get an abbreviated directory listing of dir7 on the remote computer and save it in a local file called dirlist txt 


type: 


Is dirt dirlist.txt 


Additional References 


e Command-Line Syntax Key 


e Additional FTP guidance 


ftp mget 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Copies remote files to the local computer using the current file transfer type. 


Syntax 


mget <remotefile>[ ] 


Parameters 

PARAMETER DESCRIPTION 

<remotefile> Specifies the remote files to copy to the local computer. 
Examples 


To copy remote files a.exe and b.exe to the local computer using the current file transfer type, type: 


mget a.exe b.exe 


Additional References 
e Command-Line Syntax Key 
e ftp ascii command 


e ftp binary command 


Additional FTP guidance 


ftp mkdir 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Creates a directory on the remote computer. 


Syntax 


mkdir <directory> 


Parameters 
PARAMETER DESCRIPTION 
<directory> Specifies the name of the new remote directory. 
Examples 


To create a directory called dir7 on the remote computer, type: 


mkdir dir1 


Additional References 


e Command-Line Syntax Key 


e Additional FTP guidance 


ftp mls 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Displays an abbreviated list of files and subdirectories in a remote directory. 


Syntax 


mls <remotefile>[ ] <localfile> 


Parameters 
PARAMETER DESCRIPTION 
<remotefile> Specifies the file for which you want to see a listing. When 
specifying remotefiles, use a hyphen to represent the current 
working directory on the remote computer. 
<localfile> Specifies a local file in which to store the listing. When 
specifying /ocalfile, use a hyphen to display the listing on the 
screen. 
Examples 


To display an abbreviated list of files and subdirectories for dir7 and dir2, type: 
mls dir1 dir2 - 
To save an abbreviated list of files and subdirectories for dir7 and dir2 in the local file dirlist.txt type: 


mls dirt dir? dirlist. txt 


Additional References 
e Command-Line Syntax Key 


e Additional FTP guidance 


fto mput 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Copies local files to the remote computer using the current file transfer type. 


Syntax 


mput <localfile>[ ] 


Parameters 

PARAMETER DESCRIPTION 

<localfile> Specifies the local file to copy to the remote computer. 
Examples 


To copy Program 1.exe and Program2.exe to the remote computer using the current file transfer type, type: 


mput Programl.exe Program2.exe 


Additional References 
e Command-Line Syntax Key 
e ftp ascii command 


e ftp binary command 


Additional FTP guidance 


ftp open 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Connects to the specified ftp server. 


Syntax 


open <computer> [<port>] 


Parameters 
PARAMETER DESCRIPTION 
<computer> Specifies the remote computer to which you are trying to 
connect. You can use an IP address or computer name (in 
which case a DNS server or Hosts file must be available). 
[<port>] Specifies a TCP port number to use to connect to an ftp 
server. By default, TCP port 21 is used. 
Examples 


To connect to the ftp server at ftp.microsoftcom, type: 
open ftp.microsoft.com 
To connect to the ftp server at ftp.microsoftcom that is listening on TCP port 755, type: 


open ftp.microsoft.com 755 


Additional References 
e Command-Line Syntax Key 


e Additional FTP guidance 


fto prompt 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Toggles Prompt mode on and off. By default, Prompt mode is turned on. If Prompt mode is turned on, the ftp 
command prompts during multiple file transfers to allow you to selectively retrieve or store files. 


NOTE 


You can use the ftp mget and ftp mput commands to transfer all files when Prompt mode is turned off. 





Syntax 


prompt 


Examples 


To toggle Prompt mode on and off, type: 


prompt 


Additional References 
e Command-Line Syntax Key 


e Additional FTP guidance 


ftp put 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Copies a local file to the remote computer using the current file transfer type. 





NOTE 


This command is the same as the ftp send command. 








Syntax 


put <localfile> [<remotefile>] 


Parameters 
PARAMETER DESCRIPTION 
<localfile> Specifies the local file to copy. 
[<remotefile>] Specifies the name to use on the remote computer. If you 
don't specify a remotefile the file is give the /ocalfile name. 
Examples 


To copy the local file testixtand name it test7.txton the remote computer, type: 
put test.txt testl.txt 

To copy the local file program.exe to the remote computer, type: 
put program.exe 


Additional References 


e Command-Line Syntax Key 


ftp ascii command 


ftp binary command 


Additional FTP guidance 


ftp pwd 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 





Displays the current remote computer directory. 


Syntax 





pwd 


Examples 


To display the current remote computer directory, type: 


Additional References 
e Command-Line Syntax Key 


e Additional FTP guidance 


ftp quit 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Ends the ftp session with the remote computer, and then exits. 





NOTE 


This command is the same as the ftp bye command. 





Syntax 
quit 


Examples 


To end the ftp session with the remote computer and return to the operating system command prompt, type: 


quit 


Additional References 
e Command-Line Syntax Key 


e Additional FTP guidance 


ftp quote 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 


Sends verbatim arguments to the remote ftp server. A single ftp reply code is returned. 





NOTE 


This command is the same as the ftp literal command. 








Syntax 


quote <argument>[ ] 


Parameters 


PARAMETER 


<argument> 


Examples 


To send a quit command to the remote ftp server, type: 


quote quit 


Additional References 


e Command-Line Syntax Key 
e ftp literal command 


e Additional FTP guidance 


DESCRIPTION 


Specifies the argument to send to the ftp server. 


ftp recv 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Copies a remote file to the local computer using the current file transfer type. 





NOTE 


This command is the same as the ftp get command. 





Syntax 


recv <remotefile> [<localfile>] 


Parameters 
PARAMETER DESCRIPTION 

<remotefile> Specifies the remote file to copy. 

[<localfile>] Specifies the name of the file to use on the local computer. If 
localfile isn't specified, the file is given the name of the 
remotefile. 

Examples 


To copy testtxtto the local computer using the current file transfer, type: 


recv test.txt 


To copy testtxtto the local computer as test7.txt using the current file transfer, type: 


recv test.txt test1.txt 


Additional References 


e Command-Line Syntax Key 
e ftp get command 


e ftp ascii command 


ftp binary command 


Additional FTP guidance 


ftp remotehelp 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 
Displays help for remote commands. 
Syntax 

remotehelp [<command>] 


Parameters 


PARAMETER 


[<command>] 


Examples 


To display a list of remote commands, type: 


remotehelp 


To display the syntax for the featremote command, type: 


remotehelp feat 


Additional References 


e Command-Line Syntax Key 


e ftp quote 


ftp literal 


e Additional FTP guidance 


DESCRIPTION 


Specifies the name of the command about which you want 
help. If <command> isn't specified, this command displays a list 
of all remote commands. You can also run remote commands 
using ftp quote or ftp literal. 


ftp rename 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Renames remote files. 


Syntax 


rename <filename> <newfilename> 


Parameters 
PARAMETER DESCRIPTION 
<filename> Specifies the file that you want to rename. 
<newfilename> Specifies the new file name. 
Examples 


To rename the remote file example.txtto example1.txt type: 


rename example.txt example1.txt 


Additional References 
e Command-Line Syntax Key 


e Additional FTP guidance 


ftp rmdir 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Deletes a remote directory. 


Syntax 


rmdir <directory> 


Parameters 
PARAMETER DESCRIPTION 
<directory> Specifies the name of the remote directory to delete. 
Examples 


To delete the pictures remote directory, type: 


rmdir pictures 


Additional References 


e Command-Line Syntax Key 


e Additional FTP guidance 


ftp send 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Copies a local file to the remote computer using the current file transfer type. 





NOTE 


This command is the same as the ftp put command. 





Syntax 


send <localfile> [<remotefile>] 


Parameters 
PARAMETER DESCRIPTION 
<localfile> Specifies the local file to copy. 
<remotefile> Specifies the name to use on the remote computer. If you 
don't specify a remotefile the file will get the /oca/file name. 
Examples 


To copy the local file testixt and name it test7.txton the remote computer, type: 
send test.txt test1.txt 
To copy the local file program.exe to the remote computer, type: 


send program.exe 


Additional References 


e Command-Line Syntax Key 


e Additional FTP guidance 


ftp status 


11/2/2020 * 2 minutes to read ° Edit Online 





Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 





Displays the current status of ftp connections. 


Syntax 


status 


Examples 





To display the current status of ftp connections, type: 


Additional References 
e Command-Line Syntax Key 


e Additional FTP guidance 


ftp trace 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Toggles packet tracing. This command also displays the series of internal FTP function calls when running a ftp 
command. 


Syntax 








trace | 





Examples 


Toggle tracing on and off, type: 








trace | 





Additional References 
e Command-Line Syntax Key 


e Additional FTP guidance 


ftp type 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 


Sets or displays the file transfer type. The ftp command supports both ASCII (default) and binary image file 


transfer types: 


e We recommend using ASCII when transferring text files. In ASCII mode, character conversions to and from 


the network standard character set are performed. For example, end-of-line characters are converted as 


necessary, based on the target operating system. 


e We recommend using binary when transferring executable files. In binary mode, files are transferred in one- 


byte units. 


Syntax 


type [<typename>] 


Parameters 


PARAMETER 


[<typename>] 


Examples 


To set the file transfer type to ASCII, type: 


type ascii 


To set the transfer file type to binary, type: 


type binary 


Additional References 
e Command-Line Syntax Key 


e Additional FTP guidance 


DESCRIPTION 


Specifies the file transfer type. If you don't specify this 
parameter, the current type is displayed. 


ftp user 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 
Specifies a user to the remote computer. 


Syntax 


user <username> [<password>] [<account>] 


Parameters 


PARAMETER 


<username> 


[<password>] 


[<account>] 


Examples 


To specify User7 with the password Password’, type: 


user User1 Password1 


Additional References 


e Command-Line Syntax Key 


e Additional FTP guidance 


DESCRIPTION 


Specifies a user name with which to log on to the remote 
computer. 


Specifies the password for username. If a password is not 
specified but is required, the ftp command prompts for the 
password. 


Specifies an account with which to log on to the remote 
computer. If an account isn't specified but is required, the ftp 
command prompts for the account. 


ftp verbose 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Toggles Verbose mode. By default, Verbose mode is turned on. When Verbose mode is on, all ftp command 


responses are displayed. When a file transfer is completed, statistics regarding the efficiency of the transfer are also 
displayed. 


Syntax 
verbose 


Examples 


To toggle Verbose mode on and off, type: 


verbose 


Additional References 
e Command-Line Syntax Key 


e Additional FTP guidance 


ftp mdelete 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Deletes files on the remote computer. 


Syntax 


mdelete <remotefile>[...] 


Parameters 
PARAMETER DESCRIPTION 
<remotefile> Specifies the remote file to delete. 
Examples 


To delete remote files a.exe and b.exe, type: 


mdelete a.exe b.exe 


Additional References 


e Command-Line Syntax Key 


e Additional FTP guidance 


ftp mdir 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Displays a directory list of files and subdirectories in a remote directory. 


Syntax 


mdir <remotefile>[...] <localfile> 


Parameters 
PARAMETER DESCRIPTION 
<remotefile> Specifies the directory or file for which you want to see a 
listing. You can specify multiple remotefiles. Type a hyphen (-) 
to use the current working directory on the remote computer. 
<localfile> Specifies a local file to store the listing. This parameter is 
required. Type a hyphen (-) to display the listing on the screen. 
Examples 


To display a directory listing of dir7 and dir2 on the screen, type: 
mdir dir1i dir2 - 
To save the combined directory listing of dir7 and dir2 in a local file called dirlist txt type: 


mdin dirt dir2 dirlist.txt 


Additional References 
e Command-Line Syntax Key 


e Additional FTP guidance 


ftype 
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Displays or modifies file types that are used in file name extension associations. If used without an assignment 
operator (=), this command displays the current open command string for the specified file type. If used without 
parameters, this command displays the file types that have open command strings defined. 





NOTE 
This command is only supported within cmd.exe and is not available from PowerShell. Though you can use cmd /c ftype 


as a workaround. 





Syntax 


ftype [<filetype>[=[<opencommandstring>]]] 


Parameters 
PARAMETER DESCRIPTION 
<filetype> Specifies the file type to display or change. 
<opencommandstring> Specifies the open command string to use when opening files 
of the specified file type. 
R Displays help at the command prompt. 
Remarks 


The following table describes how ftype substitutes variables within an open command string: 
VARIABLE REPLACEMENT VALUE 


%8 Or %1 Gets substituted with the file name being launched through 
the association. 


%* Gets all of the parameters. 

%21|%3 |... Gets the first parameter ( %2 ), the second parameter ( %3 ), 
and so on. 

%~<n> Gets all of the remaining parameters starting with the nth 


parameter, where n can be any number from 2 to 9. 


Examples 


To display the current file types that have open command strings defined, type: 


ftype 


To display the current open command string for the txtfile file type, type: 
ftype txtfile 


This command produces output similar to the following: 
txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1 


To delete the open command string for a file type called example type: 
ftype example= 


To associate the .pl file name extension with the PerlScript file type and enable the PerlScript file type to run 
PERL.EXE, type the following commands: 


assoc .pl=Perl1Script 
ftype PerlScript=perl.exe %1 %* 


To eliminate the need to type the .pl file name extension when invoking a Perl script, type: 


set PATHEXT=.p1;%PATHEXT% 


Additional References 


e Command-Line Syntax Key 


fveupdate 
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FveUpdate is an internal tool, used by the setup program when a computer is upgraded. It updates the metadata 
associated with BitLocker to the latest version. This tool cannot be run independently. 


Additional References 


e Command-Line Syntax Key 


getmac 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Returns the media access control (MAC) address and list of network protocols associated with each address for all 
network cards in each computer, either locally or across a network. This command is particularly useful either when 
you want to enter the MAC address into a network analyzer, or when you need to know what protocols are 
currently in use on each network adapter on a computer. 


Syntax 


getmac[.exe][/s <computer> [/u <domain\<user> [/p <password>]]][/fo {table | list | csv}][/nh][/v] 


Parameters 


PARAMETER DESCRIPTION 


/S <computer> Specifies the name or IP 
address of a remote 
computer (do not use 
backslashes). The default is 
the local computer. 


/u <domain>\<user> Runs the command with the 
account permissions of the 
user specified by user or 
domain\user. The default is 
the permissions of the 
current logged on user on 
the computer issuing the 
command. 


/P <password> Specifies the password of the 
user account that is specified 
in the /u parameter. 


/fo {table list csv} Specifies the format to use 
for the query output. Valid 
values are table, list, and 
csv. The default format for 
output is table. 


/nh Suppresses column header 
in output. Valid when the 
/fo parameter is set to 
table or csv. 


N Specifies that the output 
display verbose information. 


PARAMETER DESCRIPTION 


/ Displays help at the 
command prompt. 


Examples 


The following examples show how you can use the getmac command: 


getmac /fo table /nh /v 


getmac /s srvmain 


getmac /s srvmain /u maindom\hirop1ln 


getmac /s srvmain /u maindom\hiropln /p p@sswW23 


getmac /s srvmain /u maindom\hiropln /p p@ssW23 /fo list /v 


getmac /s srvmain /u maindom\hiropln /p p@ssW23 /fo table /nh 


Additional References 


e Command-Line Syntax Key 


gettype 
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The gettype command has been deprecated, and isn't guaranteed to be supported in Windows. 


This tool is included in Windows Server 2003. For more information, see gettype. 


Additional References 


e Command-Line Syntax Key 


goto 


11/2/2020 * 2 minutes to read * Edit Online 





Directs cmd.exe to a labeled line in a batch program. Within a batch program, this command directs command 
processing to a line that is identified by a label. When the label is found, processing continues starting with the 
commands that begin on the next line. 


Syntax 


goto <label> 


Parameters 
PARAMETER DESCRIPTION 
<label> Specifies a text string that is used as a label in the batch 
program. 
J? Displays help at the command prompt. 
Remarks 


e |f command extensions are enabled (the default), and you use the goto command with a target label of 
:EOF, you transfer control to the end of the current batch script file and exit the batch script file without 
defining a label. When you use this command with the :EOF label, you must insert a colon before the label. 


For example: goto:E0OF . 


e You can use spaces in the /abe/ parameter, but you can't include other separators (for example, semicolons (;) 
or equal signs (=)). 


@ The /abe/value that you specify must match a label in the batch program. The label within the batch 
program must begin with a colon (.). If a line begins with a colon, it's treated as a label and any commands 
on that line are ignored. If your batch program doesn't contain the label that you specify in the /abe/ 
parameter, then the batch program stops and displays the following message: Label not found . 


e You can use goto with other commands to perform conditional operations. For more information about 
using goto for conditional operations, see the if command. 


Examples 


The following batch program formats a disk in drive A as a system disk. If the operation is successful, the goto 
command directs processing to the :end label: 


echo off 

format a: /s 

if not errorlevel 1 goto end 

echo An error occurred during formatting. 
: end 

echo End of batch program. 


Additional References 


e Command-Line Syntax Key 
e cmd command 


e if command 


gpfixup 
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Fixes domain name dependencies in Group Policy Objects and Group Policy links after a domain rename operation. 


To use this command, you must install Group Policy Management as a feature through Server Manager. 


Syntax 


gpfixup [/v] 

[/olddns:<olddnsname> /newdns:<newdnsname>] 
[/oldnb:<oldflatname> /newnb:<newflatname>] 
[/dc:<dcname>] [/sionly] 

[/user:<username> [/pwd:{<password>|*}]] [/?] 


Parameters 


PARAMETER 


N 


/olddns: <olddnsname> 


/newdns: <newdnsname> 


/oldnb: <oldflatname> 


/newnb: <newflatname> 


DESCRIPTION 


Displays detailed status messages. If this parameter isn't used, 
only error messages or a summary status message stating, 
SUCCESS or FAILURE appears. 


Specifies the old DNS name of the renamed domain as 
<olddnsname> when the domain rename operation changes 
the DNS name of a domain. You can use this parameter only if 
you also use the /newdns parameter to specify a new domain 

DNS name. 


Specifies the new DNS name of the renamed domain as 
<newdnsname> when the domain rename operation changes 
the DNS name of a domain. You can use this parameter only if 
you also use the /olddns parameter to specify the old 

domain DNS name. 


Specifies the old NetBIOS name of the renamed domain as 

<oldflatname> when the domain rename operation changes 
the NetBIOS name of a domain. You can use this parameter 
only if you use the /newnb parameter to specify a new 
domain NetBIOS name. 


Specifies the new NetBIOS name of the renamed domain as 

<newflatname> when the domain rename operation changes 
the NetBIOS name of a domain. You can use this parameter 
only if you use the /oldnb parameter to specify the old 
domain NetBIOS name. 


PARAMETER DESCRIPTION 


/dc: <dcname> Connect to the domain controller named <dcname> (a DNS 
name or a NetBIOS name). <dcname> must host a writable 
replica of the domain directory partition as indicated by one 
of the following: 

e The DNS name <newdnsname> by using /newdns 

e The NetBIOS name <newflatname> by using /newnb 
If this parameter isn't used, you can connect to any 
domain controller in the renamed domain indicated by 


<newdnsname> Or <newflatname> . 


/sionly Performs only the Group Policy fix that relates to managed 
software installation (the Software Installation extension for 
Group Policy). Skip the actions that fix Group Policy links and 
the SYSVOL paths in GPOs. 


/user: <username> Runs this command in the security context of the user 
<username> , where <username> is in the format 
domain\user. If this parameter isn't used, this command runs 
as the logged in user. 


/pwd: {<password> | *} Specifies the password for the user. 
/ Displays Help at the command prompt. 
Examples 


This example assumes that you have already performed a domain rename operation in which you changed the 
DNS name from MyOldDnsName to MyNewDnsName, and the NetBIOS name from MyOldNetBIOSName to 
MyNewNetBIOSName. 


In this example, you use the gpfixup command to connect to the domain controller named MyDcDnsName and 
repair GPOs and Group Policy links by updating the old domain name embedded in the GPOs and links. Status and 
error output is saved to a file that is named gpfixup.log. 


gpfixup /olddns: MyOldDnsName /newdns:MyNewDnsName /oldnb:MyOldNetBIOSName /newnb:MyNewNetBIOSName 
/dc:MyDcDnsName 2>&1 >gpfixup.log 


This example is the same as the previous one, except that it assumes the NetBIOS name of the domain was not 
changed during the domain rename operation. 


gpfixup /olddns: MyOldDnsName /newdns:MyNewDnsName /dc:MyDcDnsName 2>&1 >gpfixup.log 


Additional References 


e Command-Line Syntax Key 


e Administering Active Directory Domain Rename 


ofeycesulit 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Displays the Resultant Set of Policy (RSoP) information for a remote user and computer. To use RSoP reporting for 
remotely targeted computers through the firewall, you must have firewall rules that enable inbound network traffic 
on the ports. 


Syntax 


gpresult [/s <system> [/u <username> [/p [<password>]]]] [/user [<targetdomain>\]<targetuser>] [/scope (user | 
computer}] {/r | /v | /z | [/x | /h] <filename> [/f] | /?} 





NOTE 


Except when using /?, you must include an output option, /r, /v, /z, /x, or /h. 





Parameters 

PARAMETER DESCRIPTION 

/S <system> Specifies the name or IP address of a remote computer. Don't 
use backslashes. The default is the local computer. 

/U <username> Uses the credentials of the specified user to run the command. 
The default user is the user who is logged on to the computer 
that issues the command. 

/p [<password>] Specifies the password of the user account that is provided in 
the /u parameter. If /p is omitted, gpresult prompts for the 
password. The /p parameter can't be used with /x or /h. 

/user [<targetdomain>\]<targetuser>] Specifies the remote user whose RSoP data is to be displayed. 

/scope {user | computer} Displays RSoP data for either the user or the computer. If 
/scope is omitted, gpresult displays RSoP data for both the 
user and the computer. 

[/x | /h] <filename> Saves the report in either XML (/x) or HTML (/h) format at the 
location and with the file name that is specified by the 
filename parameter. Can't be used with /u, /p, /r, /v, or /z. 
/t Forces gpresult to overwrite the file name that is specified in 


the /x or /h option. 


/t Displays RSoP summary data. 


PARAMETER DESCRIPTION 


N Displays verbose policy information. This includes detailed 
settings that were applied with a precedence of 1. 


/z Displays all available information about Group Policy. This 
includes detailed settings that were applied with a precedence 
of 1 and higher. 


/? Displays help at the command prompt. 


Remarks 

e Group Policy is the primary administrative tool for defining and controlling how programs, network 
resources, and the operating system operate for users and computers in an organization. In an active 
directory environment, Group Policy is applied to users or computers based on their membership in sites, 


domains, or organizational units. 


e Because you can apply overlapping policy settings to any computer or user, the Group Policy feature 
generates a resulting set of policy settings when the user logs on. The gpresult command displays the 
resulting set of policy settings that were enforced on the computer for the specified user when the user 
logged on. 


e Because /v and /z produce a lot of information, it's useful to redirect output to a text file (for example, 


gpresult/z >policy.txt ). 


Examples 
To retrieve RSoP data for only the remote user, maindom|\hirop/n with the password p@ssW23, who's on the 


computer srvmain, type: 


gpresult /s srvmain /u maindom\hiropln /p p@ssW23 /user targetusername /scope user /r 


To save all available information about Group Policy to a file named, policy.txt, for only the remote user 
maindom\hiropin with the password p@ssW23, on the computer srvmain, type: 


gpresult /s srvmain /u maindom\hiropln /p p@ssW23 /user targetusername /z > policy.txt 


To display RSoP data for the logged on user, maindom\hirop/n with the password p@ssW23, for the computer 


srvmain, type: 


gpresult /s srvmain /u maindom\hiroplin /p p@ssW23 /r 


Additional References 


e Command-Line Syntax Key 


gpt 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


On basic GUID partition table (gpt) disks, this command assigns the gpt attribute(s) to the partition with focus. Gpt 
partition attributes give additional information about the use of the partition. Some attributes are specific to the 
partition type GUID. 


You must choose a basic gpt partition for this operation to succeed. Use the select partition command to select a 
basic gpt partition and shift the focus to it. 


Caution 

Changing the gpt attributes might cause your basic data volumes to fail to be assigned drive letters, or to prevent 
the file system from mounting. We strongly recommend that you don't change the gpt attributes unless you're an 
original equipment manufacturer (OEM) or an IT professional who's experienced with gpt disks. 


Syntax 


gpt attributes=<n> 


Parameters 


PARAMETER DESCRIPTION 


attributes= <n> Specifies the value for the attribute that you want to apply to 
the partition with focus. The gpt attribute field is a 64-bit field 
that contains two subfields. The higher field is interpreted only 
in the context of the partition ID, while the lower field is 
common to all partition IDs. Accepted values include: 
© 0x0000000000000001 - Specifies that the partition 
is required by the computer to function properly. 
© 0x8000000000000000 - Specifies that the partition 
won't receive a drive letter by default when the disk is 
moved to another computer, or when the disk is seen 
for the first time by a computer. 
© 0x4000000000000000 - Hides a partition'’s volume 
so it's not detected by the mount manager. 
© 0x2000000000000000 - Specifies that the partition 
is a shadow copy of another partition. 
© 0x1000000000000000 - Specifies that the partition 
is read-only. This attribute prevents the volume from 
being written to. 


For more information about these attributes, see the 
attributes section at create PARTITION PARAMETERS 
Structure. 


Remarks 
e The EFI System partition contains only those binaries necessary to start the operating system. This makes it 
easy for OEM binaries or binaries specific to an operating system to be placed in other partitions. 


Examples 


To prevent the computer from automatically assigning a drive letter to the partition with focus, while moving a gpt 
disk, type: 


gpt attributes=09x8000000000000000 


Additional References 


e Command-Line Syntax Key 
e select partition command 


e create PARTITION PARAMETERS Structure 


gpupdate 
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Updates Group Policy settings. 


Syntax 


gpupdate [/target:{computer | user}] [/force] [/wait:<VALUE>] [/logoff] [/boot] [/sync] [/?] 


Parameters 


PARAMETER DESCRIPTION 


/target: (computer |user) Specifies that only User or only Computer policy settings are 
updated. By default, both User and Computer policy settings 
are updated. 


/force Reapplies all policy settings. By default, only policy settings 
that have changed are applied. 


/wait: <VALUE> Sets the number of seconds to wait for policy processing to 
finish before returning to the command prompt. When the 
time limit is exceeded, the command prompt appears, but 
policy processing continues. The default value is 600 seconds. 
The value 0 means not to wait. The value -1 means to wait 
indefinitely. 

In a script, by using this command with a time limit 
specified, you can run gpupdate and continue with 
commands that do not depend upon the completion of 
gpupdate. Alternatively, you can use this command with 
no time limit specified to let gpupdate finish running 
before other commands that depend on it are run. 


/logoff Causes a logoff after the Group Policy settings are updated. 
This is required for those Group Policy client-side extensions 
that do not process policy on a background update cycle but 
do process policy when a user logs on. Examples include user- 
targeted Software Installation and Folder Redirection. This 
option has no effect if there are no extensions called that 
require a logoff. 


/boot Causes a computer restart after the Group Policy settings are 
applied. This is required for those Group Policy client-side 
extensions that do not process policy on a background update 
cycle but do process policy at computer startup. Examples 
include computer-targeted Software Installation. This option 
has no effect if there are no extensions called that require a 
restart. 


PARAMETER DESCRIPTION 


/sync Causes the next foreground policy application to be done 
synchronously. Foreground policy is applied at computer boot 
and user logon. You can specify this for the user, computer, or 
both, by using the /target parameter. The /force and /wait 
parameters are ignored if you specify them. 


I? Displays Help at the command prompt. 


Examples 


To force a background update of all Group Policy settings, regardless of whether they've changed, type: 


gpupdate /force 


Additional References 


e Command-Line Syntax Key 


graftabl 
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Enables Windows operating systems to display an extended character set in graphics mode. If used without 
parameters, graftabl displays the previous and the current code page. 


IMPORTANT 


The graftabl command is a legacy command, and therefore outdated. It is normally not installed in modern Windows 


versions. Please see the chcp page for codepage handling. 





Syntax 


graftabl <codepage> 
graftabl /status 


Parameters 


PARAMETER DESCRIPTION 


<codepage> Specifies a code page to define the appearance of extended 
characters in graphics mode. Valid code page identification 
numbers are: 
© 437 - United States 
e 850 - Multilingual (Latin I) 
e 852 - Slavic (Latin II) 
e 855 - Cyrillic (Russian) 
e 857 - Turkish 
e 860 - Portuguese 
e 861 - Icelandic 
® 863 - Canadian-French 
e 865 - Nordic 
e 866 - Russian 
© 869 - Modern Greek 


/status Displays the current code page being used by this command. 


/ Displays help at the command prompt. 


Remarks 


e Thegraftabl command affects only the monitor display of extended characters of the code page that you 
specify. It doesn't change the actual console input code page. To change the console input code page, use the 
mode or chcp command. 


e Each exit code and a brief description of it: 
EXIT CODE DESCRIPTION 


0 Character set was loaded successfully. No previous code 
page was loaded. 


EXIT CODE DESCRIPTION 
1 An incorrect parameter was specified. No action was taken. 
2 A file error occurred. 


e You can use the ERRORLEVEL environment variable in a batch program to process exit codes that are 
returned by graftabl. 


Examples 


To view the current code page used by graftabl, type: 
graftabl /status 

To load the graphics character set for code page 437 (United States) into memory, type: 
graftabl 437 

To load the graphics character set for code page 850 (multilingual) into memory, type: 


graftabl 850 


Additional References 


e Command-Line Syntax Key 


freedisk command 
e mode command 


e chcp command 


help 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Displays a list of the available commands or detailed help information on a specified command. If used without 
parameters, help lists and briefly describes every system command. 


Syntax 


help [<command>] 


Parameters 
PARAMETER DESCRIPTION 
<command> Specifies the command for which to display detailed help 
information. 
Examples 


To view information about the robocopy command, type: 
help robocopy 
To display a list of all commands available in DiskPart, type: 
help 
To display detailed help information about how to use the create partition primary command in DiskPart, type: 


help create partition primary 


Additional References 


e Command-Line Syntax Key 


helpctr 
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The helpctr command has been deprecated, and isn't guaranteed to be supported in Windows. 


This tool is included in Windows Server 2003. For more information, see Helpctr. 


hostname 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Displays the host name portion of the full computer name of the computer. 





IMPORTANT 


This command is available only if the Internet Protocol (TCP/IP) protocol is installed as a component in the properties of a 


network adapter in Network. 





Syntax 


hostname 
Parameters 
PARAMETER DESCRIPTION 
R Displays help at the command prompt. 
Examples 


To display the name of the computer, type: 


hostname 


Additional References 


e Command-Line Syntax Key 


icacls 
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Displays or modifies discretionary access control lists (DACLs) on specified files, and applies stored DACLs to files 
in specified directories. 





NOTE 


This command replaces the deprecated cacls command. 





Syntax 


icacls <filename> [/grant[:r] <sid>:<perm>[...]] [/deny <sid>:<perm>[...]] [/remove[:g|:d]] <sid>[...]] [/t] 
[/c] [/1] [/q] [/setintegritylevel <Level>:<policy>[...]] 
icacls <directory> [/substitute <sidold> <sidnew> [...]] [/restore <aclfile> [/c] [/1] [/q]] 


Parameters 
PARAMETER DESCRIPTION 
<filename> Specifies the file for which to display DACLs. 
<directory> Specifies the directory for which to display DACLs. 
/t Performs the operation on all specified files in the current 
directory and its subdirectories. 
/c Continues the operation despite any file errors. Error 
messages will still be displayed. 
Å Performs the operation on a symbolic link instead of its 
destination. 
/q Suppresses success messages. 
[/save <ACLfile> [/t] [/c] V1 [/all Stores DACLs for all matching files into ACLfile for later use 
with /restore. 
[/setowner <username> [/t] [/c] I] ql] Changes the owner of all matching files to the specified user. 
(/findsid <sid> [/t] (/d I [qll Finds all matching files that contain a DACL explicitly 
mentioning the specified security identifier (SID). 
[verify [/t] /d UT] qll Finds all files with ACLs that are not canonical or have lengths 
inconsistent with ACE (access control entry) counts. 
[reset [/t] [/c] U/1] ql] Replaces ACLs with default inherited ACLs for all matching 


files. 


PARAMETER 


[/grant[:r] <sid>:[...]] 


[/deny <sid>:[...]] 


[/remove [:g | :d]]  <sid> [..] /t] /d D1] [/q] 


[/setintegritylevel [(CI)(Ol)] <Level>:<Policy> [..]] 


[/substitute <sidold> <sidnew> [...]] 


/restore <ACLfile> [/c] [/l] [/q] 


/inheritancelevel: [e | d | r] 


Remarks 


DESCRIPTION 


Grants specified user access rights. Permissions replace 
previously granted explicit permissions. 

Not adding the :r, means that permissions are added to 
any previously granted explicit permissions. 


Explicitly denies specified user access rights. An explicit deny 
ACE is added for the stated permissions and the same 
permissions in any explicit grant are removed. 


Removes all occurrences of the specified SID from the DACL. 
This command can also use: 


e :g - Removes all occurrences of granted rights to the 
specified SID. 


e :d - Removes all occurrences of denied rights to the 
specified SID. 


Explicitly adds an integrity ACE to all matching files. The level 
can be specified as: 


e |- Low 
e m- Medium 
e h- High 


Inheritance options for the integrity ACE may precede the 
level and are applied only to directories. 


Replaces an existing SID (sido/a) with a new SID (sidnev). 
Requires using with the <directory> parameter. 


Applies stored DACLs from <AcLfile> to files in the 
specified directory. Requires using with the <directory> 
parameter. 


Sets the inheritance level, which can be: 

e e- Enables inheritance 

e d - Disables inheritance and copies the ACEs 
e r - Removes all inherited ACEs 


e SIDs may be in either numerical or friendly name form. If you use a numerical form, affix the wildcard 


character * to the beginning of the SID. 


e This command preserves the canonical order of ACE entries as: 


o Explicit denials 
o Explicit grants 
o Inherited denials 


o Inherited grants 


e The <perm> option is a permission mask that can be specified in one of the following forms: 


o A sequence of simple rights: 


o F -Full access 
o M- Modify access 
o RX - Read and execute access 
o R - Read-only access 
o W - Write-only access 
o A comma-separated list in parenthesis of specific rights: 
o D - Delete 
o RC - Read control 
o WDAC - Write DAC 
o WO -Write owner 
o S - Synchronize 
o AS - Access system security 
o MA - Maximum allowed 
o GR - Generic read 
o GW - Generic write 
o GE - Generic execute 
o GA - Generic all 
o RD - Read data/list directory 
o WD - Write data/add file 
o AD - Append data/add subdirectory 
o REA - Read extended attributes 
o WEA - Write extended attributes 
o X - Execute/traverse 
o DC - Delete child 
o RA - Read attributes 
o WA -Write attributes 
o Inheritance rights may precede either <perm> form, and they are applied only to directories: 
o (OI) - Object inherit 
o (CI) - Container inherit 
© (IO) - Inherit only 


o (NP) - Do not propagate inherit 


Examples 


To save the DACLs for all files in the C\Windows directory and its subdirectories to the ACLFile file, type: 


icacls c:\windows\* /save aclfile /t 


To restore the DACLs for every file within ACLFile that exists in the C:\Windows directory and its subdirectories, 
type: 


icacls c:\windows\ /restore aclfile 

To grant the user User1 Delete and Write DAC permissions to a file named Test1, type: 
icacls test1 /grant Useri1:(d,wdac) 

To grant the user defined by SID S-1-1-0 Delete and Write DAC permissions to a file, named Test2, type: 
icacls test2 /grant *S-1-1-Ø:(d,wdac) 


Additional References 


e Command-Line Syntax Key 


if 
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Performs conditional processing in batch programs. 


Syntax 


if [not] ERRORLEVEL <number> <command> [else <expression>] 
if [not] <string1>==<string2> <command> [else <expression>] 
if [not] exist <filename> <command> [else <expression>] 


If command extensions are enabled, use the following syntax: 


if [/i] <string1> <compareop> <string2> <command> [else <expression>] 
if cmdextversion <number> <command> [else <expression>] 
if defined <variable> <command> [else <expression>] 


Parameters 
PARAMETER DESCRIPTION 
not Specifies that the command should be carried out only if the 
condition is false. 
errorlevel <number> Specifies a true condition only if the previous program run by 
Cmd.exe returned an exit code equal to or greater than 
number. 
<command> Specifies the command that should be carried out if the 
preceding condition is met. 
<string1>==<string2> Specifies a true condition only if string7 and string2 are the 
same. These values can be literal strings or batch variables (for 
example, %1 ). You do not need to enclose literal strings in 
quotation marks. 
exist. <filename> Specifies a true condition if the specified file name exists. 
<compareop> Specifies a three-letter comparison operator, including: 


e EQU - Equal to 

e NEQ - Not equal to 

e LSS - Less than 

e LEQ - Less than or equal to 

© GTR - Greater than 

© GEQ - Greater than or equal to 


PARAMETER DESCRIPTION 


/i Forces string comparisons to ignore case. You can use /i on 
the string1i==string2 form of if. These comparisons are 
generic, in that if both string7 and string2 are comprised of 
numeric digits only, the strings are converted to numbers and 
a numeric comparison is performed. 


cmdextversion <number> Specifies a true condition only if the internal version number 
associated with the command extensions feature of Cmd.exe 
is equal to or greater than the number specified. The first 
version is 1. It increases by increments of one when significant 
enhancements are added to the command extensions. The 
cmdextversion conditional is never true when command 
extensions are disabled (by default, command extensions are 


enabled). 
defined <variable> Specifies a true condition if variable is defined. 
<expression> Specifies a command-line command and any parameters to 


be passed to the command in an else clause. 


fr Displays help at the command prompt. 


Remarks 
e |f the condition specified in an if clause is true, the command that follows the condition is carried out. If the 
condition is false, the command in the if clause is ignored and the command executes any command that is 


specified in the else clause. 


e When a program stops, it returns an exit code. To use exit codes as conditions, use the errorlevel 


parameter. 


e |f you use defined, the following three variables are added to the environment: %errorlevel%, 


%cmdcmdline%, and %cmdextversion%. 


o %errorlevel%: Expands into a string representation of the current value of the ERRORLEVEL 
environment variable. This variable assumes that there isn't already an existing environment variable 
with the name ERRORLEVEL. If there is, you'll get that ERRORLEVEL value instead. 


°o %cmdcmdline%: Expands into the original command line that was passed to Cmd.exe prior to any 
processing by Cmd.exe. This assumes that there isn't already an existing environment variable with 
the name CMDCMDLINE. If there is, you'll get that CMDCMDLINE value instead. 


o %cmdextversion%: Expands into the string representation of the current value of cmdextversion. 
This assumes that there isn't already an existing environment variable with the name 
CMDEXTVERSION. If there is, you'll get that CMDEXTVERSION value instead. 


e You must use the else clause on the same line as the command after the if. 
Examples 
To display the message Cannot find data file if the file Product.dat cannot be found, type: 


if not exist product.dat echo Cannot find data file 


To format a disk in drive A and display an error message if an error occurs during the formatting process, type the 
following lines in a batch file: 


:begin 

@echo off 

format a: /s 

if not errorlevel 1 goto end 

echo An error occurred during formatting. 
: end 

echo End of batch program. 


To delete the file Product.dat from the current directory or display a message if Product.dat is not found, type the 
following lines in a batch file: 


IF EXIST Product.dat ( 

del Product.dat 

)HEESER( 

echo The Product.dat file is missing. 


) 


NOTE 


These lines can be combined into a single line as follows: 


IF EXIST Product.dat (del Product.dat) ELSE (echo The Product.dat file is missing.) 





To echo the value of the ERRORLEVEL environment variable after running a batch file, type the following lines in 
the batch file: 


goto answer%errorlevel% 

:answer1 

echo The program returned error level 1 
goto end 

:answerø 

echo The program returned error level 9 
goto end 

: end 

echo Done! 


To go to the okay label if the value of the ERRORLEVEL environment variable is less than or equal to 1, type: 


if %errorlevel% LEQ 1 goto okay 


Additional References 


e Command-Line Syntax Key 


e goto command 


import (diskshadow) 
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Imports a transportable shadow copy from a loaded metadata file into the system. 


[IMPORTANT] Before you can use this command, you must use the load metadata command to load a 
DiskShadow metadata file. 


Syntax 


import 


Remarks 


e Transportable shadow copies aren't stored on the system immediately. Their details are stored in a Backup 
Components Document XML file, which DiskShadow automatically requests and saves in a .cab metadata file in 
the working directory. Use the set metadata command to change the path and name of this XML file. 


Examples 


The following is a sample DiskShadow script that demonstrates the use of the import command: 


#Sample DiskShadow script demonstrating IMPORT 

SET CONTEXT PERSISTENT 

SET CONTEXT TRANSPORTABLE 

SET METADATA transHWshadow_p.cab 

#P: is the volume supported by the Hardware Shadow Copy provider 
ADD VOLUME P: 

CREATE 

END BACKUP 

#The (transportable) shadow copy is not in the system yet. 

#You can reset or exit now if you wish. 


LOAD METADATA transHWshadow_p.cab 


IMPORT 
#The shadow copy will now be loaded into the system. 


Additional References 
e Command-Line Syntax Key 


e diskshadow command 


import (diskpart) 
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Imports a foreign disk group into the disk group of the local computer. This command imports every disk that is in 
the same group as the disk with focus. 


[IMPORTANT] Before you can use this command, you must use the select disk command to select a dynamic 
disk in a foreign disk group and shift the focus to it. 


Syntax 


import [noerr] 


Parameters 
PARAMETER DESCRIPTION 
noerr For scripting only. When an error is encountered, DiskPart 
continues to process commands as if the error did not occur. 
Without this parameter, an error causes DiskPart to exit with 
an error code. 
Examples 


To import every disk that is in the same disk group as the disk with focus into the disk group of the local computer, 
type: 


import 


Additional References 


e Command-Line Syntax Key 


e diskpart command 


inactive 
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Marks the system partition or boot partition with focus as inactive on basic master boot record (MBR) disks. 


An active system or boot partition must be selected for this operation to succeed. Use the select partition 
command command to select the active partition and shift the focus to it. 


Caution 


Your computer might not start without an active partition. Don't mark a system or boot partition as inactive unless 
you are an experienced user with a thorough understanding of the Windows family of operating systems. 


If you're unable to start your computer after marking the system or boot partition as inactive, insert the Windows 
Setup CD in the CD-ROM drive, restart the computer, and then repair the partition using the fixmbr and fixboot 
commands in the Recovery Console. 


After you mark the system partition or boot partition as inactive, your computer starts from the next option 
specified in the BIOS, such as the CD-ROM drive or a Pre-Boot eXecution Environment (PXE). 


Syntax 


inactive 


Examples 


inactive 


Additional References 
e Command-Line Syntax Key 
e select partition command 


e Advanced troubleshooting for Windows boot problems 


inuse 
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The inuse command has been deprecated and isn't guaranteed to be supported in future releases of Windows. 


This tool is included in Windows Server 2003. For more information, see Inuse. 


Additional References 


e Command-Line Syntax Key 


ipconfig 
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Displays all current TCP/IP network configuration values and refreshes Dynamic Host Configuration Protocol 
(DHCP) and Domain Name System (DNS) settings. Used without parameters, ipconfig displays Internet Protocol 
version 4 (IPv4) and IPv6 addresses, subnet mask, and default gateway for all adapters. 


Syntax 


ipconfig [/allcompartments] [/all] [/renew [<adapter>]] [/release [<adapter>]] [/renew6[<adapter>]] [/release6 
[<adapter>]] [/flushdns] [/displaydns] [/registerdns] [/showclassid <adapter>] [/setclassid <adapter> 
[<classID>]] 


Parameters 


PARAMETER DESCRIPTION 


/all Displays the full TCP/IP configuration for all adapters. Adapters 
can represent physical interfaces, such as installed network 
adapters, or logical interfaces, such as dial-up connections. 


/displaydns Displays the contents of the DNS client resolver cache, which 
includes both entries preloaded from the local Hosts file and 
any recently obtained resource records for name queries 
resolved by the computer. The DNS Client service uses this 
information to resolve frequently queried names quickly, 
before querying its configured DNS servers. 


/flushdns Flushes and resets the contents of the DNS client resolver 
cache. During DNS troubleshooting, you can use this 
procedure to discard negative cache entries from the cache, as 
well as any other entries that have been added dynamically. 


/registerdns Initiates manual dynamic registration for the DNS names and 
IP addresses that are configured at a computer. You can use 
this parameter to troubleshoot a failed DNS name registration 
or resolve a dynamic update problem between a client and the 
DNS server without rebooting the client computer. The DNS 
settings in the advanced properties of the TCP/IP protocol 
determine which names are registered in DNS. 


/release [<adapter>] Sends a DHCPRELEASE message to the DHCP server to 
release the current DHCP configuration and discard the IP 
address configuration for either all adapters (if an adapter is 
not specified) or for a specific adapter if the adapter parameter 
is included. This parameter disables TCP/IP for adapters 
configured to obtain an IP address automatically. To specify an 
adapter name, type the adapter name that appears when you 
use ipconfig without parameters. 


PARAMETER DESCRIPTION 


/release6 [<adapter>] Sends a DHCPRELEASE message to the DHCPV6 server to 
release the current DHCP configuration and discard the IPv6 
address configuration for either all adapters (if an adapter is 
not specified) or for a specific adapter if the adapter parameter 
is included. This parameter disables TCP/IP for adapters 
configured to obtain an IP address automatically. To specify an 
adapter name, type the adapter name that appears when you 
use ipconfig without parameters. 


/renew [<adapter>] Renews DHCP configuration for all adapters (if an adapter is 
not specified) or for a specific adapter if the adapter parameter 
is included. This parameter is available only on computers with 
adapters that are configured to obtain an IP address 
automatically. To specify an adapter name, type the adapter 
name that appears when you use ipconfig without 
parameters. 


/renew6 [<adapter>] Renews DHCPVv6 configuration for all adapters (if an adapter is 
not specified) or for a specific adapter if the adapter parameter 
is included. This parameter is available only on computers with 
adapters that are configured to obtain an IPv6 address 
automatically. To specify an adapter name, type the adapter 
name that appears when you use ipconfig without 
parameters. 


/setclassid <adapter>[<classID>] Configures the DHCP class ID for a specified adapter. To set 
the DHCP class ID for all adapters, use the asterisk (*) wildcard 
character in place of adapter. This parameter is available only 
on computers with adapters that are configured to obtain an 
IP address automatically. If a DHCP class ID is not specified, 
the current class ID is removed. 


/showclassid <adapter> Displays the DHCP class ID for a specified adapter. To see the 
DHCP class ID for all adapters, use the asterisk (*) wildcard 
character in place of adapter. This parameter is available only 
on computers with adapters that are configured to obtain an 
IP address automatically. 


R Displays Help at the command prompt. 


Remarks 

e This command is most useful on computers that are configured to obtain an IP address automatically. This 
enables users to determine which TCP/IP configuration values have been configured by DHCP Automatic 
Private IP Addressing (APIPA), or an alternate configuration. 


e |f the name you supply for adapter contains any spaces, use quotation marks around the adapter name (for 
example, "adapter name"). 


e For adapter names, ipconfig supports the use of the asterisk (*) wildcard character to specify either 
adapters with names that begin with a specified string or adapters with names that contain a specified 
string. For example, Local* matches all adapters that start with the string Local and *con* matches all 
adapters that contain the string Con. 


Examples 


To display the basic TCP/IP configuration for all adapters, type: 


ipconfig 

To display the full TCP/IP configuration for all adapters, type: 
ipconfig /all 

To renew a DHCP-assigned IP address configuration for only the Local Area Connection adapter, type: 
ipconfig /renew Local Area Connection 

To flush the DNS resolver cache when troubleshooting DNS name resolution problems, type: 
ipconfig /flushdns 

To display the DHCP class ID for all adapters with names that start with Local, type: 
ipconfig /showclassid Local* 

To set the DHCP class ID for the Local Area Connection adapter to TEST, type: 
ipconfig /setclassid Local Area Connection TEST 


Additional References 


e Command-Line Syntax Key 


jpxroute 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Displays and modifies information about the routing tables used by the IPX protocol. Used without parameters, 
ipxroute displays the default settings for packets that are sent to unknown, broadcast, and multicast addresses. 


Syntax 


ipxroute servers [/type=x] 

ipxroute ripout <network> 

ipxroute resolve (guid | name) (GUID | <adaptername>) 
ipxroute board= N [def] [gbr] [mbr] [remove=xxxxxxxxxxxx ] 
ipxroute config 


Parameters 


PARAMETER DESCRIPTION 


servers [/type=x] Displays the Service Access Point (SAP) table for the specified 
server type. x must be an integer. For example, /type=4 
displays all file servers. If you don't specify /type, 
ipxroute servers displays all types of servers, listing them 
by server name. 


resolve {GUID | name} {GUID | adaptername) Resolves the name of the GUID to its friendly name, or the 
friendly name to its GUID. 


board= n Specifies the network adapter for which to query or set 
parameters. 


def Sends packets to the ALL ROUTES broadcast. If a packet is 
transmitted to a unique Media Access Card (MAC) address 
that is not in the source routing table, ipxroute sends the 
packet to the SINGLE ROUTES broadcast by default. 


gbr Sends packets to the ALL ROUTES broadcast. If a packet is 
transmitted to the broadcast address (FFFFFFFFFFFF), 
ipxroute sends the packet to the SINGLE ROUTES broadcast 
by default. 


mbr Sends packets to the ALL ROUTES broadcast. If a packet is 
transmitted to a multicast address (COOOxxxxxxxx), ipxroute 
sends the packet to the SINGLE ROUTES broadcast by default. 


TEMOVE= XXXXXXXXXXXX removes the given node address from the source routing 
table. 


config Displays information about all of the bindings for which IPX is 
configured. 


PARAMETER DESCRIPTION 


/? Displays help at the command prompt. 
Examples 
To display the network segments that the workstation is attached to, the workstation node address, and frame type 


being used, type: 


ipxroute config 


Additional References 


e Command-Line Syntax Key 


irftp 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Sends files over an infrared link. 





IMPORTANT 


Make sure the devices intended to communicate over an infrared link have infrared functionality enabled and are working 


correctly. Also make sure an infrared link is established between the devices. 





Syntax 


irftp [<drive>:\] [[<path>] <filename>] [/h][/s] 


Parameters 

PARAMETER DESCRIPTION 

<drive>:\ Specifies the drive that contains the files that you want to 
send over an infrared link. 

[path]<filename> Specifies the location and name of the file or set of files that 
you want to send over an infrared link. If you specify a set of 
files, you must specify the full path for each file. 

/h Specifies hidden mode. When hidden mode is used, the files 
are sent without displaying the Wireless Link dialog box. 

/s Opens the Wireless Link dialog box, so that you can select 
the file or set of files that you want to send without using the 
command line to specify the drive, path, and file names. The 
Wireless Link dialog box also opens if you use this command 
without any parameters. 

Examples 


To send c:\example.txt over the infrared link, type: 


irftp c:\example.txt 


Additional References 


e Command-Line Syntax Key 


jetpack 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Compacts a Windows Internet Name Service (WINS) or Dynamic Host Configuration Protocol (DHCP) database. 
We recommend you compact the WINS database whenever it approaches 30 MB. 

Jetpack.exe compacts the database by: 

1. Copying the database information to a temporary database file. 

2. Deleting the original database file, either WINS or DHCP. 


3. Renames the temporary database files to the original filename. 


Syntax 


jetpack.exe <database name> <temp database name> 


Parameters 
PARAMETER DESCRIPTION 
«database name> Specifies the name of the original database file. 
<temp_database_name> Specifies the name of the temporary database file to be 
created by jetpack.exe. 
Note: This temporary file is removed when the compact 
process is complete. For this command to work properly, 
you must make sure your temp file name is unique and 
that a file with that name doesn't already exist. 
/? Displays help at the command prompt. 
Examples 


To compact the WINS database, where Tmp.mdb is a temporary database and Wins.mdb is the WINS database, 
type: 


cd %SYSTEMROOT%\SYSTEM32\WINS 
NET STOP WINS 

jetpack Wins.mdb Tmp.mdb 

NET start WINS 


To compact the DHCP database, where Tmp.mdb is a temporary database and Dhcp.mdb is the DHCP database, 
type: 


cd %SYSTEMROOT%\SYSTEM32\DHCP 
NET STOP DHCPSERVER 

jetpack Dhcp.mdb Tmp.mdb 

NET start DHCPSERVER 


Additional References 


e Command-Line Syntax Key 


klist 
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Displays a list of currently cached Kerberos tickets. 





IMPORTANT 


You must be at least a Domain Admin, or equivalent, to run all the parameters of this command. 





Syntax 


klist [-lh <logonID.highpart>] [-1i <logonID.lowpart>] tickets | tgt | purge | sessions | kcd_cache | get | 
add_bind | query_bind | purge_bind 


Parameters 

PARAMETER DESCRIPTION 

-Ih Denotes the high part of the user's locally unique identifier 
(LUID), expressed in hexadecimal. If neither -Ih nor -li are 
present, the command defaults to the LUID of the user who is 
currently signed in. 

-li Denotes the low part of the user's locally unique identifier 
(LUID), expressed in hexadecimal. If neither -Ih nor -li are 
present, the command defaults to the LUID of the user who is 
currently signed in. 

tickets Lists the currently cached ticket-granting-tickets (TGTs), and 
service tickets of the specified logon session. This is the 
default option. 

tgt Displays the initial Kerberos TGT. 

purge Allows you to delete all the tickets of the specified logon 
session. 

sessions Displays a list of logon sessions on this computer. 

kcd_cache Displays the Kerberos constrained delegation cache 
information. 

get Allows you to request a ticket to the target computer 
specified by the service principal name (SPN). 

add_bind Allows you to specify a preferred domain controller for 
Kerberos authentication. 

query_bind Displays a list of cached preferred domain controllers for each 


domain that Kerberos has contacted. 


PARAMETER DESCRIPTION 


purge bind Removes the cached preferred domain controllers for the 


domains specified. 


kdcoptions Displays the Key Distribution Center (KDC) options specified 
in RFC 4120. 
R Displays Help for this command. 


Remarks 


e |f no parameters are provided, klist retrieves all the tickets for the currently logged on user. 


e The parameters display the following information: 


© tickets - Lists the currently cached tickets of services that you have authenticated to since logon. 


Displays the following attributes of all cached tickets: 


o 


Oo 


o 


LogonID: The LUID. 
Client: The concatenation of the client name and the domain name of the client. 
Server: The concatenation of the service name and the domain name of the service. 


KerbTicket Encryption Type: The encryption type that is used to encrypt the Kerberos 
ticket. 


Ticket Flags: The Kerberos ticket flags. 
Start Time: The time from which the ticket is valid. 


End Time: The time the ticket becomes no longer valid. When a ticket is past this time, it can 
no longer be used to authenticate to a service or be used for renewal. 


Renew Time: The time that a new initial authentication is required. 


Session Key Type: The encryption algorithm that is used for the session key. 


o tgt - Lists the initial Kerberos TGT and the following attributes of the currently cached ticket: 


o 


o 


LogonID: Identified in hexadecimal. 

ServiceName: krbtgt 

TargetName <sPN> : krbtgt 

DomainName: Name of the domain that issues the TGT. 
TargetDomainName: Domain that the TGT is issued to. 
AltTargetDomainName: Domain that the TGT is issued to. 
Ticket Flags: Address and target actions and type. 

Session Key: Key length and encryption algorithm. 
StartTime: Local computer time that the ticket was requested. 


EndTime: Time the ticket becomes no longer valid. When a ticket is past this time, it can no 
longer be used to authenticate to a service. 


RenewUntil: Deadline for ticket renewal. 


o TimeSkew: Time difference with the Key Distribution Center (KDO). 
o EncodedTicket: Encoded ticket. 


o purge - Allows you to delete a specific ticket. Purging tickets destroys all tickets that you have 
cached, so use this attribute with caution. It might stop you from being able to authenticate to 
resources. If this happens, you'll have to log off and log on again. 


o LogonlD: Identified in hexadecimal. 


o sessions - Allows you to list and display the information for all logon sessions on this computer. 


o LogonID: If specified, displays the logon session only by the given value. If not specified, displays 
all the logon sessions on this computer. 


o kcd_cache - Allows you to display the Kerberos constrained delegation cache information. 


o LogonlD: If specified, displays the cache information for the logon session by the given value. If 
not specified, displays the cache information for the current user's logon session. 


o get - Allows you to request a ticket to the target that is specified by the SPN. 


o LogonlD: If specified, requests a ticket by using the logon session by the given value. If not 
specified, requests a ticket by using the current user's logon session. 


o kdcoptions: Requests a ticket with the given KDC options 
o add bind - Allows you to specify a preferred domain controller for Kerberos authentication. 
o query bind - Allows you to display cached, preferred domain controllers for the domains. 
o purge bind - Allows you to remove cached, preferred domain controllers for the domains. 
o kdcoptions - For the current list of options and their explanations, see RFC 4120. 


Examples 
To query the Kerberos ticket cache to determine if any tickets are missing, if the target server or account is in error, 


or if the encryption type is not supported due to an Event ID 27 error, type: 


klist 


klist -li Øx3e7 


To learn about the specifics of each ticket-granting-ticket that is cached on the computer for a logon session, type: 


klist tgt 


To purge the Kerberos ticket cache, log off, and then log back on, type: 


klist purge 


klist purge -li Øx3e7 


To diagnose a logon session and to locate a logonID for a user or a service, type: 


klist sessions 


To diagnose Kerberos constrained delegation failure, and to find the last error that was encountered, type: 
klist kcd cache 

To diagnose if a user or a service can get a ticket to a server, or to request a ticket for a specific SPN, type: 
klist get host/%computername% 


To diagnose replication issues across domain controllers, you typically need the client computer to target a specific 
domain controller. To target the client computer to the specific domain controller, type: 


klist add_bind CONTOSO KDC.CONTOSO.COM 


klist add bind CONTOSO.COM KDC.CONTOSO.COM 
To query which domain controllers were recently contacted by this computer, type: 
klist query bind 


To rediscover domain controllers, or to flush the cache before creating new domain controller bindings with 


klist add bind, type: 


klist purge bind 


Additional References 


e Command-Line Syntax Key 


ksetup 
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Performs tasks related to setting up and maintaining Kerberos protocol and the Key Distribution Center (KDC) to 
support Kerberos realms. Specifically, this command is used to: 


e Change the computer settings for locating Kerberos realms. In non-Microsoft, Kerberos—based 
implementations, this information is usually kept in the Krb5.conf file. In Windows Server operating 
systems, it's kept in the registry. You can use this tool to modify these settings. These settings are used by 
workstations to locate Kerberos realms and by domain controllers to locate Kerberos realms for cross- 
realm trust relationships. 


e Initialize registry keys that the Kerberos Security Support Provider (SSP) uses to locate a KDC for the 
Kerberos realm, if the computer is isn't a member of a Windows domain. After configuration, the user of a 
client computer running the Windows operating system can log on to accounts in the Kerberos realm. 


e Search the registry for the domain name of the user's realm and then resolves the name to an IP address 
by querying a DNS server. The Kerberos protocol can use DNS to locate KDCs by using only the realm 
name, but it must be specially configured to do so. 


Syntax 


ksetup 

[/setrealm <DNSdomainname> ] 

[/mapuser <principal> <account>] 

[/addkdc <realmname> <KDCname>] 

[/delkdc <realmname> <KDCname>] 

[/addkpasswd <realmname> <KDCPasswordName> ] 

[/delkpasswd <realmname> <KDCPasswordName> ] 

[/server <servername> ] 

[/setcomputerpassword <password> ] 

[/removerealm <realmname>] 

[/domain <domainname>] 

[/changepassword <oldpassword> <newpassword>] 

[/listrealmflags] 

[/setrealmflags <realmname> [sendaddress] [tcpsupported] [delegate] [ncsupported] [rc4]] 
[/addrealmflags <realmname> [sendaddress] [tcpsupported] [delegate] [ncsupported] [rc4]] 
[/delrealmflags [sendaddress] [tcpsupported] [delegate] [ncsupported] [rc4]] 
[/dumpstate ] 

[/addhosttorealmmap] <hostname> <realmname>] 

[/delhosttorealmmap] <hostname> <realmname>] 

[/setenctypeattr] <domainname> {DES-CBC-CRC | DES-CBC-MD5 | RC4-HMAC-MDS | AES128-CTS-HMAC-SHA1-96 | AES256- 
CTS-HMAC-SHA1-96} 

[/getenctypeattr] <domainname> 

[/addenctypeattr] <domainname> {DES-CBC-CRC | DES-CBC-MD5 | RC4-HMAC-MDS | AES128-CTS-HMAC-SHA1-96 | AES256- 
CTS-HMAC-SHA1-96} 

[/delenctypeattr] <domainname> 


Parameters 
PARAMETER DESCRIPTION 
ksetup setrealm Makes this computer a member of a Kerberos realm. 


ksetup addkdc Defines a KDC entry for the given realm. 


PARAMETER 

ksetup delkdc 
ksetup addkpasswd 
ksetup delkpasswd 


ksetup server 


ksetup setcomputerpassword 


ksetup removerealm 


ksetup domain 


ksetup changepassword 


ksetup listrealmflags 
ksetup setrealmflags 
ksetup addrealmflags 
ksetup delrealmflags 


ksetup dumpstate 


ksetup addhosttorealmmap 


ksetup delhosttorealmmap 


ksetup setenctypeattr 


ksetup getenctypeattr 


ksetup addenctypeattr 


ksetup delenctypeattr 


/ 


Additional References 


e Command-Line Syntax Key 


DESCRIPTION 


Deletes a KDC entry for the realm. 


Adds a kpasswd server address for a realm. 


Deletes a kpasswd server address for a realm. 


Allows you to specify the name of a Windows computer on 
which to apply the changes. 


Sets the password for the computer's domain account (or 
host principal). 


Deletes all information for the specified realm from the 
registry. 


Allows you to specify a domain (if the <domainname> hasn't 
already been set by the /domain parameter). 


Allows you to use the kpasswd to change the logged on 
user's password. 


Lists the available realm flags that ksetup can detect. 


Sets realm flags for a specific realm. 


Adds additional realm flags to a realm. 


Deletes realm flags from a realm. 


Analyzes the Kerberos configuration on the given computer. 
Adds a host to realm mapping to the registry. 


Adds a registry value to map the host to the Kerberos realm. 


Deletes the registry value that mapped the host computer 
to the Kerberos realm. 


Sets one or more encryption types trust attributes for the 
domain. 


Gets the encryption types trust attribute for the domain. 


Adds encryption types to the encryption types trust 
attribute for the domain. 


Deletes the encryption types trust attribute for the domain. 


Displays Help at the command prompt. 


ksetup addenctypeattr 
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Adds the encryption type attribute to the list of possible types for the domain. A status message is displayed upon 
successful or failed completion. 


Syntax 


ksetup /addenctypeattr <domainname> {DES-CBC-CRC | DES-CBC-MD5 | RC4-HMAC-MDS | AES128-CTS-HMAC-SHA1-96 | 
AES256-CTS-HMAC-SHA1-96) 


Parameters 
PARAMETER DESCRIPTION 
<domainname> Name of the domain to which you want to establish a 
connection. Use the fully qualified domain name or a simple 
form of the name, such as corp.contoso.com or contoso. 
encryption type Must be one of the following supported encryption types: 
@ DES-CBC-CRC 
e DES-CBC-MD5 
@ RC4-HMAC-MD5 
e AES128-CTS-HMAC-SHA1-96 
e@ AES256-CTS-HMAC-SHA1-96 
Remarks 


e You can set or add multiple encryption types by separating the encryption types in the command with a space. 
However, you can only do so for one domain at a time. 


Examples 


To view the encryption type for the Kerberos ticket-granting ticket (TGT) and the session key, type: 


klist 


To set the domain to corp.contoso.com, type: 


ksetup /domain corp.contoso.com 


To add the encryption type AFS-256-CTS-HMAC-SHA7-96 to the list of possible types for the domain 
corp.contoso.com, type: 


ksetup /addenctypeattr corp.contoso.com AES-256-CTS-HMAC-SHA1-96 


To set the encryption type attribute to AFS-256-CTS-HMAC-SHA 1-96 for the domain corp.contoso.com, type: 


ksetup /setenctypeattr corp.contoso.com AES-256-CTS-HMAC-SHA1-96 


To verify that the encryption type attribute was set as intended for the domain, type: 


ksetup /getenctypeattr corp.contoso.com 


Additional References 


Command-Line Syntax Key 

klist command 

ksetup command 

ksetup domain command 
ksetup setenctypeattr command 
ksetup getenctypeattr command 


ksetup delenctypeattr command 


ksetup addhosttorealmmap 
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Adds a service principal name (SPN) mapping between the stated host and the realm. This command also allows 
you to map a host or multiple hosts that are sharing the same DNS suffix to the realm. 


The mapping is stored in the registry, under 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentContolSet\Lsa\Kerberos\HostToRealm. 


Syntax 


ksetup /addhosttorealmmap <hostname> <realmname> 


Parameters 
PARAMETER DESCRIPTION 
<hostname> The host name is the computer name, and it can be stated as 
the computer's fully qualified domain name. 
<realmname> The realm name is stated as an uppercase DNS name, such as 
CORPCONTOSO.COM. 
Examples 


To map the host computer /Pops897 to the CON7OSO realm, type: 


ksetup /addhosttorealmmap IPops897 CONTOSO 
Check the registry to make sure the mapping occurred as intended. 


Additional References 
e Command-Line Syntax Key 
e ksetup command 


e ksetup delhosttorealmmap command 


ksetup addkdc 
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Adds a Key Distribution Center (KDC) address for the given Kerberos realm 


The mapping is stored in the registry, under 
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\Kerberos\Domains and the computer 
must be restarted before the new realm setting will be used. 





NOTE 


To deploy Kerberos realm configuration data to multiple computers, you must use the Security Configuration Template 
snap-in and policy distribution, explicitly on individual computers. You can't use this command. 





Syntax 


ksetup /addkdc <realmname> [<KDCname>] 


Parameters 
PARAMETER DESCRIPTION 
<realmname> Specifies the uppercase DNS name, such as 
CORPCONTOSO.COM. This value also appears as the default 
realm when ksetup is run, and is the realm to which you 
want to add the other KDC. 
<KDCname> Specifies the case-insensitive, fully-qualified domain name, 
such as mitkdc.contoso.com. If the KDC name is omitted, DNS 
will locate KDCs. 
Examples 


To configure a non-Windows KDC server and the realm that the workstation should use, type: 


ksetup /addkdc CORP.CONTOSO.COM mitkdc.contoso.com 


To set the local computer account password to p@sswrd1% on the same computer as in the previous example, and 
then to restart the computer, type: 


ksetup /setcomputerpassword p@sswrd1% 


To verify the default realm name for the computer or to verify that this command worked as intended, type: 


ksetup 


Check the registry to make sure the mapping occurred as intended. 


Additional References 
e Command-Line Syntax Key 


e ksetup command 


e ksetup setcomputerpassword command 


ksetup addkpasswd 
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Adds a Kerberos password (kpasswd) server address for a realm. 


Syntax 


ksetup /addkpasswd <realmname> [<kpasswdname>] 


Parameters 
PARAMETER DESCRIPTION 
<realmname> Specifies the uppercase DNS name, such as 
CORPCONTOSO.COM, and is listed as the default realm or 
Realm= when ksetup is run. 
<kpasswdname> Specifies the Kerberos password server. It's stated as a case- 
insensitive, fully-qualified domain name, such as 
mitkdc.contoso.com. If the KDC name is omitted, DNS might 
be used to locate KDCs. 
Remarks 


e Ifthe Kerberos realm that the workstation will be authenticating to supports the Kerberos change password 
protocol, you can configure a client computer running the Windows operating system to use a Kerberos 
password server. 


e You can add additional KDC names one at a time. 


Examples 


To configure the CORRCONTOSO.COM realm to use the non-Windows KDC server, mitkdc.contoso.com, as the 
password server, type: 


ksetup /addkpasswd CORP.CONTOSO.COM mitkdc.contoso.com 


To verify the KDC name is set, type ksetup and then view the output, looking for the text, kpasswd =. If you don't 
see the text, it means the mapping hasn't been configured. 


Additional References 


e Command-Line Syntax Key 
e ksetup command 


e ksetup delkpasswd command 


ksetup addrealmflags 
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Adds additional realm flags to the specified realm. 


Syntax 


ksetup /addrealmflags <realmname> [sendaddress] [tcpsupported] [delegate] [ncsupported] [rc4] 


Parameters 
PARAMETER DESCRIPTION 
<realmname> Specifies the uppercase DNS name, such as 
CORPCONTOSO.COM. 
Remarks 


e The realm flags specify additional features of a Kerberos realm that aren't based on the Windows Server 
operating system. Computers that are running Windows Server, can use a Kerberos server to administer 
authentication in the Kerberos realm, instead of using a domain running a Windows Server operating system. 
This entry establishes the features of the realm, and are as follows: 


VALUE REALM FLAG DESCRIPTION 
OxF All All realm flags are set. 
0x00 None No realm flags are set, and no 


additional features are enabled. 


0x01 sendaddress The IP address will be included within 
the ticket-granting tickets. 


0x02 tcpsupported Both the Transmission Control Protocol 
(TCP) and the User Datagram Protocol 
(UDP) are supported in this realm. 


0x04 delegate Everyone in this realm is trusted for 
delegation. 
0x08 ncsupported This realm supports name 


canonicalization, which allows for DNS 
and Realm naming standards. 


0x80 rc4 This realm supports RC4 encryption to 
enable cross-realm trust, which allows 
for the use of TLS. 


e Realm flags are stored in the registry under 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\<realmname> . This entry doesn't 


exist in the registry by default. You can use the ksetup addrealmflags command to populate the registry. 


e You can see the available and set realm flags by viewing the output of ksetup or ksetup /dumpstate . 


Examples 


To list the available realm flags for the realm CONTOSO, type: 
ksetup /listrealmflags 

To set two flags to the CONTOSO realm, type: 
ksetup /setrealmflags CONTOSO ncsupported delegate 

To add one more flag that is not currently in the set, type: 


ksetup /addrealmflags CONTOSO SendAddress 


To verify the realm flag is set, type ksetup and then view the output, looking for the text, Realm flags =. If you 
don't see the text, it means that the flag hasn't been set. 


Additional References 


e Command-Line Syntax Key 


ksetup command 


ksetup listrealmflags command 


ksetup setrealmflags command 


ksetup delrealmflags command 


ksetup dumpstate command 


ksetup changepassword 
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Uses the Key Distribution Center (KDC) password (kpasswd) value to change the password of the logged-on user. 
The output of the command informs you of the success or failure status. 


You can check whether the kpasswd is set, by running the ksetup /dumpstate command and viewing the output. 


Syntax 


ksetup /changepassword <oldpassword> <newpassword> 


Parameters 
PARAMETER DESCRIPTION 
<oldpassword> Specifies the logged-on user's existing password. 
<newpassword> Specifies the logged on user's new password. This password 
must meet all the password requirements set on this 
computer. 
Remarks 


e Ifthe user account isn't found in the current domain, the system will ask you to supply the domain name 
where the user account resides. 


e |f you want to force a password change at next logon, this command allows the use of the asterisk (*) so the 
user will be prompted for a new password. 


Examples 

To change the password of a user who is currently logged on to this computer in this domain, type: 
ksetup /changepassword Pas$wørd Pa$$w@rd 

To change the password of a user who is currently logged on in the Contoso domain, type: 
ksetup /domain CONTOSO /changepassword Pas$wørd Pa$$wørd 

To force the currently logged on user to change the password at the next logon, type: 


ksetup /changepassword Pas$wørd * 


Additional References 


e Command-Line Syntax Key 


e ksetup command 


ksetup dumpstate command 
ksetup addkpasswd command 
ksetup delkpasswd command 


ksetup dumpstate command 


ksetup delenctypeattr 
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Removes the encryption type attribute for the domain. A status message is displayed upon successful or failed 
completion. 


You can view the encryption type for the Kerberos ticket-granting ticket (TGT) and the session key, by running the 
klist command and viewing the output. You can set the domain to connect to and use, by running the 
ksetup /domain <domainname> command. 


Syntax 


ksetup /delenctypeattr <domainname> 


Parameters 
PARAMETER DESCRIPTION 
<domainname> Name of the domain to which you want to establish a 
connection. You can use either the fully-qualified domain 
name or a simple form of the name, such as corp.contoso.com 
or contoso. 
Examples 


To determine the current encryption types that are set on this computer, type: 
klist 

To set the domain to mit.contoso.com, type: 
ksetup /domain mit.contoso.com 

To verify what the encryption type attribute is for the domain, type: 
ksetup /getenctypeattr mit.contoso.com 

To remove the set encryption type attribute for the domain mit.contoso.com, type: 


ksetup /delenctypeattr mit.contoso.com 


Additional References 


e Command-Line Syntax Key 
e klist command 


e ksetup command 


e ksetup domain command 
e ksetup addenctypeattr command 


e ksetup setenctypeattr command 


ksetup delhosttorealmmap 
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Removes a service principal name (SPN) mapping between the stated host and the realm. This command also 
removes any mapping between a host to realm (or multiple hosts to realm). 


The mapping is stored in the registry, under HKEY_LOCAL_MACHINE\SYSTEM\CurrentContolSet\Lsa\Kerberos\HostToRealm . 


After running this command, we recommend making sure the mapping appears in the registry. 


Syntax 


ksetup /delhosttorealmmap <hostname> <realmname> 


Parameters 
PARAMETER DESCRIPTION 
<hostname> Specifies the fully-qualified domain name of the computer. 
<realmname> Specifies the uppercase DNS name, such as 
CORPCONTOSO.COM. 
Examples 


To change the configuration of the realm CONTOSO, and to delete the mapping of the host computer IPops897 to 
the realm, type: 


ksetup /delhosttorealmmap IPops897 CONTOSO 


Additional References 


e Command-Line Syntax Key 
e ksetup command 


e ksetup addhosttorealmmap command 


ksetup delkdc 
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Deletes instances of Key Distribution Center (KDC) names for the Kerberos realm. 


The mapping is stored in the registry, under 
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\Kerberos\Domains . After running this command, we 


recommend making sure the KDC was removed and no longer appears in the list. 





NOTE 


To remove realm configuration data from multiple computers, use the Security Configuration Template snap-in with 
policy distribution, instead of using the ksetup command explicitly on individual computers. 





Syntax 


ksetup /delkdc <realmname> <KDCname> 


Parameters 
PARAMETER DESCRIPTION 
<realmname> Specifies the uppercase DNS name, such as 
CORPCONTOSO.COM. This is the default realm that appears 
when you run the ksetup command, and it's the realm from 
which you want to delete the KDC. 
<KDCname> Specifies the case-sensitive, fully-qualified domain name, such 
as mitkdc.contoso.com. 
Examples 


To view all of the associations between the Windows realm and the non-Windows realm, and to determine which 
ones to remove, type: 


ksetup 
To remove the association, type: 


ksetup /delkdc CORP.CONTOSO.COM mitkdc.contoso.com 


Additional References 


e Command-Line Syntax Key 
e ksetup command 


e ksetup addkdc command 


ksetup delkpasswd 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 


Removes a Kerberos password server (kpasswd) for a realm. 


Syntax 


ksetup /delkpasswd <realmname> <kpasswdname> 


Parameters 
PARAMETER 


<realmname> 


<kpasswdname> 


Examples 


DESCRIPTION 


Specifies the uppercase DNS name, such as 
CORPCONTOSO.COM, and is listed as the default realm or 
Realm= when ksetup is run. 


Specifies the Kerberos password server. It's stated as a case- 
insensitive, fully-qualified domain name, such as 
mitkdc.contoso.com. If the KDC name is omitted, DNS might 
be used to locate KDCs. 


To make sure the realm CORPCONTOSO.COM uses the non-Windows KDC server mitkdc.contoso.com as the 


password server, type: 


ksetup /delkpasswd CORP.CONTOSO.COM mitkdc.contoso.com 


To make sure the realm CORPCONTOSO.COM is not mapped to a Kerberos password server (the KDC name), type 


ksetup on the Windows computer and then view the output. 


Additional References 
e Command-Line Syntax Key 
e ksetup command 


e ksetup delkpasswd command 


ksetup delrealmflags 
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Removes realm flags from the specified realm. 


Syntax 


ksetup /delrealmflags <realmname> [sendaddress] [tcpsupported] [delegate] [ncsupported] [rc4] 


Parameters 
PARAMETER DESCRIPTION 
<realmname> Specifies the uppercase DNS name, such as 
CORPCONTOSO.COM, and is listed as the default realm or 
Realm= when ksetup is run. 
Remarks 


e The realm flags specify additional features of a Kerberos realm that aren't based on the Windows Server 
operating system. Computers that are running Windows Server, can use a Kerberos server to administer 
authentication in the Kerberos realm, instead of using a domain running a Windows Server operating system. 
This entry establishes the features of the realm, and are as follows: 


VALUE REALM FLAG DESCRIPTION 
OxF All All realm flags are set. 
0x00 None No realm flags are set, and no 


additional features are enabled. 


0x01 sendaddress The IP address will be included within 
the ticket-granting tickets. 


0x02 tcpsupported Both the Transmission Control Protocol 
(TCP) and the User Datagram Protocol 
(UDP) are supported in this realm. 


0x04 delegate Everyone in this realm is trusted for 
delegation. 
0x08 ncsupported This realm supports name 


canonicalization, which allows for DNS 
and Realm naming standards. 


0x80 rc4 This realm supports RC4 encryption to 
enable cross-realm trust, which allows 
for the use of TLS. 


e Realm flags are stored in the registry under 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\<realmname> . This entry doesn't 


exist in the registry by default. You can use the ksetup addrealmflags command to populate the registry. 


e You can see the available and set realm flags by viewing the output of ksetup or ksetup /dumpstate . 


Examples 


To list the available realm flags for the realm CONTOSO, type: 
ksetup /listrealmflags 

To remove two flags currently in the set, type: 
ksetup /delrealmflags CONTOSO ncsupported delegate 


To verify the realm flags have been removed, type ksetup and then view the output, looking for the text, Realm 
flags =. 


Additional References 


e Command-Line Syntax Key 

e ksetup command 

e ksetup listrealmflags command 
e ksetup setrealmflags command 
e ksetup addrealmflags command 


e ksetup dumpstate command 


ksetup domain 
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Sets the domain name for all Kerberos operations. 


Syntax 


ksetup /domain <domainname> 


Parameters 
PARAMETER DESCRIPTION 
<domainname> Name of the domain to which you want to establish a 
connection. Use the fully-qualified domain name or a simple 
form of the name, such as contoso.com or contoso. 
Examples 


To establish a connection to a valid domain, such as Microsoft, by using the ksetup /mapuser subcommand, type: 
ksetup /mapuser principal@realm domain-user /domain domain-name 
After a successful connection, you'll receive a new TGT or an existing TGT will be refreshed. 


Additional References 


e Command-Line Syntax Key 
e ksetup command 


e ksetup mapuser command 


ksetup dumpstate 
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Displays the current state of realm settings for all realms that are defined on the computer. This command 
displays the same output as the ksetup command. 


Syntax 


ksetup /dumpstate 


Remarks 


e The output of this command includes the default realm (the domain that the computer is a member of) 
and all the realms that are defined on this computer. The following is included for each realm: 


o All the Key Distribution Centers (KDCs) that are associated with this realm. 
o All theset realm flags for this realm. 
o The KDC password. 


e This command doesn't display the domain name specified by DNS detection or by the command 


ksetup /domain . 


e This command doesn't display the computer password set by using the command 


ksetup /setcomputerpassword . 


Examples 


To locate the Kerberos realm configurations on a computer, type: 


ksetup /dumpstate 


Additional References 
e Command-Line Syntax Key 


e ksetup command 


ksetup getenctypeattr 
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Retrieves the encryption type attribute for the domain. A status message is displayed upon successful or failed 


completion. 


You can view the encryption type for the Kerberos ticket-granting ticket (TGT) and the session key, by running the 
klist command and viewing the output. You can set the domain to connect to and use, by running the 


ksetup /domain <domainname> command. 
Syntax 
ksetup /getenctypeattr <domainname> 


Parameters 


PARAMETER 


<domainname> 


Examples 


To verify the encryption type attribute for the domain, type: 


ksetup /getenctypeattr mit.contoso.com 


Additional References 
e Command-Line Syntax Key 

e klist command 

e ksetup command 

e ksetup domain command 

e ksetup addenctypeattr command 
e ksetup setenctypeattr command 


e ksetup delenctypeattr command 


DESCRIPTION 


Name of the domain to which you want to establish a 
connection. Use the fully-qualified domain name or a simple 
form of the name, such as corp.contoso.com or contoso. 


ksetup listrealmflags 
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Lists the available realm flags that can be reported by ksetup. 


Syntax 


ksetup /listrealmflags 


Remarks 


e The realm flags specify additional features of a Kerberos realm that aren't based on the Windows Server 
operating system. Computers that are running Windows Server, can use a Kerberos server to administer 
authentication in the Kerberos realm, instead of using a domain running a Windows Server operating system. 
This entry establishes the features of the realm, and are as follows: 


VALUE REALM FLAG DESCRIPTION 
OxF All All realm flags are set. 
0x00 None No realm flags are set, and no 


additional features are enabled. 


0x01 sendaddress The IP address will be included within 
the ticket-granting tickets. 


0x02 tcpsupported Both the Transmission Control Protocol 
(TCP) and the User Datagram Protocol 
(UDP) are supported in this realm. 


0x04 delegate Everyone in this realm is trusted for 
delegation. 
0x08 ncsupported This realm supports name 


canonicalization, which allows for DNS 
and Realm naming standards. 


0x80 rc4 This realm supports RC4 encryption to 
enable cross-realm trust, which allows 
for the use of TLS. 


e Realm flags are stored in the registry under 


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\<realmname> . This entry doesn't exist 


in the registry by default. You can use the ksetup addrealmflags command to populate the registry. 


Examples 


To list the known realm flags on this computer, type: 


ksetup /listrealmflags 


To set the available realm flags that ksetup doesn't know, type: 

ksetup /setrealmflags CORP.CONTOSO.COM sendaddress tcpsupported delete ncsupported 
-OR- 

ksetup /setrealmflags CORP.CONTOSO.COM ØxF 


Additional References 


e Command-Line Syntax Key 


ksetup command 


ksetup addrealmflags command 


e ksetup setrealmflags command 


ksetup delrealmflags command 


ksetup mapuser 
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Maps the name of a Kerberos principal to an account. 


Syntax 


ksetup /mapuser <principal> <account> 


Parameters 
PARAMETER DESCRIPTION 
<principal> Specifies the fully-qualified domain name of any principal user. 
For example, mike@corp.CONTOSO.COM. If you don't specify 
an account parameter, mapping is deleted for the specified 
principal. 
<account> Specifies any account or security group name that exists on 
this computer, such as Guest, Domain Users, or 
Administrator. If this parameter is omitted, mapping is 
deleted for the specified principal. 
Remarks 


e An account can be specifically identified, such as Domain Guests, or you can use a wildcard character (*) to 
include all accounts. 


e The computer only authenticates the principals of the given realm if they present valid Kerberos tickets. 


e Whenever changes are made to the external Key Distribution Center (KDC) and the realm configuration, a 
restart of the computer where the setting was changed is required. 


Examples 


To see the current mapped settings and the default realm, type: 


ksetup 


To map Mike Danseglio's account within the Kerberos realm CONTOSO to the guest account on this computer, 
granting him all the privileges of a member of the built-in Guest account without having to authenticate to this 
computer, type: 


ksetup /mapuser mike@corp.CONTOSO.COM guest 


To remove the mapping of Mike Danseglio's account to the guest account on this computer to prevent him from 
authenticating to this computer with his credentials from CONTOSO, type: 


ksetup /mapuser mike@corp.CONTOSO.COM 


To map Mike Danseglio's account within the CONTOSO Kerberos realm to any existing account on this computer, 


type: 


ksetup /mapuser mike@corp.CONTOSO.COM * 





NOTE 


If only the Standard User and Guest accounts are active on this computer, Mike's privileges are set to those. 





To map all accounts within the CONTOSO Kerberos realm to any existing account of the same name on this 
computer, type: 


ksetup /mapuser * * 


Additional References 
e Command-Line Syntax Key 


e ksetup command 


ksetup removerealm 
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Deletes all information for the specified realm from the registry. 


The realm name is stored in the registry under HKEY_LOCAL_MACHINE\SYSTEM\ControlSetee1 and 
\CurrentControlSet\Control\Lsa\Kerberos . This entry doesn't exist in the registry by default. You can use the ksetup 
addrealmflags command to populate the registry. 





IMPORTANT 


You can't remove the default realm name from the domain controller because this resets its DNS information, and removing 
it might make the domain controller unusable. 





Syntax 


ksetup /removerealm <realmname> 


Parameters 
PARAMETER DESCRIPTION 
<realmname> Specifies the uppercase DNS name, such as 
CORPCONTOSO.COM, and is listed as the default realm or 
Realm= when ksetup is run. 
Examples 


To remove an erroneous realm name (.CON instead of .COM) from the local computer, type: 


ksetup /removerealm CORP.CONTOSO.CON 
To verify the removal, you can run the ksetup command and review the output. 


Additional References 
e Command-Line Syntax Key 
e ksetup command 


e ksetup setrealm command 


ksetup server 
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Allows you to specify a name for a computer running the Windows operating system, so changes made by the 
ksetup command update the target computer. 


The target server name is stored in the registry under 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet@@1\Control\LSA\Kerberos . This entry isn't reported when you run the ksetup 
command. 





IMPORTANT 


There's no way to remove the targeted server name. Instead, you can change it back to the local computer name, which is 
the default. 





Syntax 


ksetup /server <servername> 


Parameters 
PARAMETER DESCRIPTION 
<servername> Specifies the full computer name on which the configuration 
will be effective, such as /Pops897.corp.contoso.com. 
If an incomplete fully-qualified domain computer name is 
specified, the command will fail. 
Examples 


To make your ksetup configurations effective on the /Pops897 computer, which is connected on the Contoso 
domain, type: 


ksetup /server IPops897.corp.contoso.com 


Additional References 


e Command-Line Syntax Key 


e ksetup command 


ksetup setcomputerpassword 
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Sets the password for the local computer. This command affects the computer account only and requires a restart 
for the password change to take effect. 





IMPORTANT 


The computer account password isn't displayed in the registry or as output from the ksetup command. 





Syntax 


ksetup /setcomputerpassword <password> 


Parameters 
PARAMETER DESCRIPTION 
<password> Specifies the supplied password to set the computer account 
on the local computer. The password can only be set by using 
an account with administrative privileges, and the password 
must be from 1 to 156 alphanumeric or special characters. 
Examples 


To change the computer account password on the local computer from /Pops897 to /Pop$897!, type: 


ksetup /setcomputerpassword IPop$897! 


Additional References 
e Command-Line Syntax Key 


e ksetup command 


ksetup setenctypeattr 
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Sets the encryption type attribute for the domain. A status message is displayed upon successful or failed 


completion. 


You can view the encryption type for the Kerberos ticket-granting ticket (TGT) and the session key, by running the 
klist command and viewing the output. You can set the domain to connect to and use, by running the 


ksetup /domain <domainname> command. 


Syntax 


ksetup /setenctypeattr <domainname> {DES-CBC-CRC | DES-CBC-MD5 | RC4-HMAC-MD5 | AES128-CTS-HMAC-SHA1-96 | 
AES256-CTS-HMAC-SHA1-96} 


Parameters 
PARAMETER DESCRIPTION 
<domainname> Name of the domain to which you want to establish a 
connection. Use the fully qualified domain name or a simple 
form of the name, such as corp.contoso.com or contoso. 
encryption type Must be one of the following supported encryption types: 
@ DES-CBC-CRC 
e DES-CBC-MD5 
e RC4-HMAC-MD5 
@ AES128-CTS-HMAC-SHA1-96 
@ AES256-CTS-HMAC-SHA1-96 
Remarks 


e You can set or add multiple encryption types by separating the encryption types in the command with a space. 
However, you can only do so for one domain at a time. 


Examples 


To view the encryption type for the Kerberos ticket-granting ticket (TGT) and the session key, type: 


klist 


To set the domain to corp.contoso.com, type: 


ksetup /domain corp.contoso.com 


To set the encryption type attribute to AES-256-CTS-HMAC-SHA1-96 for the domain corp.contoso.com, type: 


ksetup /setenctypeattr corp.contoso.com AES-256-CTS-HMAC-SHA1-96 


To verify that the encryption type attribute was set as intended for the domain, type: 


ksetup /getenctypeattr corp.contoso.com 


Additional References 


Command-Line Syntax Key 

klist command 

ksetup command 

ksetup domain command 

ksetup addenctypeattr command 
ksetup getenctypeattr command 


ksetup delenctypeattr command 


ksetup setrealm 
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Sets the name of a Kerberos realm. 





IMPORTANT 


Setting the Kerberos realm on a domain controller isn't supported. Attempting to do so causes a warning and a command 
failure. 





Syntax 


ksetup /setrealm <DNSdomainname> 


Parameters 
PARAMETER DESCRIPTION 
<DNSdomainname> Specifies the uppercase DNS name, such as 

CORPCONTOSO.COM. You can use the fully-qualified domain 
name or a simple form of the name. If you don't use 
uppercase for the DNS name, you'll be asked for verification to 
continue. 

Examples 


To set the realm of this computer to a specific domain name, and to restrict access by a non-domain controller just 
to the CONTOSO Kerberos realm, type: 


ksetup /setrealm CONTOSO 


Additional References 


e Command-Line Syntax Key 
e ksetup command 


e ksetup removerealm 


ksetup setrealmflags 
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Sets realm flags for the specified realm. 


Syntax 


ksetup /setrealmflags <realmname> [sendaddress] [tcpsupported] [delegate] [ncsupported] [rc4] 


Parameters 
PARAMETER DESCRIPTION 
<realmname> Specifies the uppercase DNS name, such as 
CORPCONTOSO.COM. 
Remarks 


e Therealm flags specify additional features of a Kerberos realm that aren't based on the Windows Server 
operating system. Computers that are running Windows Server, can use a Kerberos server to administer 
authentication in the Kerberos realm, instead of using a domain running a Windows Server operating system. 
This entry establishes the features of the realm, and are as follows: 


VALUE REALM FLAG DESCRIPTION 
OxF All All realm flags are set. 
0x00 None No realm flags are set, and no 


additional features are enabled. 


0x01 sendaddress The IP address will be included within 
the ticket-granting tickets. 


0x02 tcpsupported Both the Transmission Control Protocol 
(TCP) and the User Datagram Protocol 
(UDP) are supported in this realm. 


0x04 delegate Everyone in this realm is trusted for 
delegation. 
0x08 ncsupported This realm supports name 


canonicalization, which allows for DNS 
and Realm naming standards. 


0x80 rc4 This realm supports RC4 encryption to 
enable cross-realm trust, which allows 
for the use of TLS. 


e Realm flags are stored in the registry under 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\<realmname> . This entry doesn't 


exist in the registry by default. You can use the ksetup addrealmflags command to populate the registry. 


e You can see the available and set realm flags by viewing the output of ksetup or ksetup /dumpstate . 


Examples 


To list the available, and to set realm flags for the realm CONTOSO, type: 


ksetup 
To set two flags that aren't currently set, type: 


ksetup /setrealmflags CONTOSO ncsupported delegate 


To verify the realm flag is set, type ksetup and then view the output, looking for the text, Realm flags =. If you 
don't see the text, it means that the flag hasn't been set. 


Additional References 
e Command-Line Syntax Key 

e ksetup command 

e ksetup listrealmflags command 
e ksetup addrealmflags command 
e ksetup delrealmflags command 


e ksetup dumpstate command 


ktmutil 
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Starts the Kernel Transaction Manager utility. If used without parameters, ktmutil displays available subcommands. 


Syntax 


ktmutil list tms 

ktmutil list transactions [{TmGUID}] 

ktmutil resolve complete {TmGUID} {RmGUID} {EnGUID} 
ktmutil resolve commit {TxGUID} 

ktmutil resolve rollback {TxGUID} 

ktmutil force commit {GUID} 

ktmutil force rollback {GUID} 

ktmutil forget 


Examples 


To force an Indoubt transaction with GUID 311a9209-03f4-11dc-918f-00188b8f707b to commit, type: 


ktmutil force commit {311a9209-03f4-11dc-918f-00188b8F707b} 


Additional References 


e Command-Line Syntax Key 


ktpass 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Configures the server principal name for the host or service in Active Directory Domain Services (AD DS) and 
generates a .keytab file that contains the shared secret key of the service. The .keytab file is based on the 
Massachusetts Institute of Technology (MIT) implementation of the Kerberos authentication protocol. The ktpass 
command-line tool allows non-Windows services that support Kerberos authentication to use the interoperability 
features provided by the Kerberos Key Distribution Center (KDC) service. 


Syntax 


ktpass 

[/out <filename>] 

[/princ <principalname>] 

[/mapuser <useraccount>] 

[/mapop {add|set}] [{-|+}desonly] [/in <filename>] 

[/pass {password|*|{-|+}rndpass}] 

[/minpass] 

[/maxpass ] 

[/crypto {DES-CBC-CRC|DES-CBC-MD5 | RC4-HMAC-NT | AES256-SHA1 | AES128-SHA1|A11}] 
[/itercount] 

[/ptype (KRB5 NT PRINCIPAL|KRB5 NT SRV INST|KRB5 NT SRV HST)] 

[/kvno <keyversionnum>] 

[/answer {-|+}] 

[/target] 

[/rawsalt] [{-|+}dumpsalt] [{-|+}setupn] [{-|+}setpass <password>] [/?|/h|/help] 


Parameters 

PARAMETER DESCRIPTION 

/out <filename> Specifies the name of the Kerberos version 5 .keytab file to 
generate. Note: This is the .keytab file you transfer to a 
computer that isn't running the Windows operating system, 
and then replace or merge with your existing .keytab file, 
/Etc/Krb5.keytab. 

/princ <principalname> Specifies the principal name in the form 
host/computer.contoso.com@CONTOSO.COM. Warning: This 
parameter is case-sensitive. 

/mapuser <useraccount> Maps the name of the Kerberos principal, which is specified by 
the princ parameter, to the specified domain account. 

/mapop {add|set} Specifies how the mapping attribute is set. 


e Add - Adds the value of the specified local user name. 
This is the default. 

e Set - Sets the value for Data Encryption Standard 
(DES)-only encryption for the specified local user name. 


PARAMETER 


{-|+} desonly 


/in  <«filename> 


/pass {password|*|{-|+}rndpass} 


/minpass 


/maxpass 


/crypto 


{DES-CBC-CRC|DES-CBC-MD5|RC4-HMAC-NT|AES256- 
SHA1 | AES128-SHA1|A11} 


/itercount 


/ptype 
{KRB5_NT_PRINCIPAL|KRB5_NT_SRV_INST|KRB5_NT_SRV_HST} 


/kvno <keyversionnum> 


/answer {-|+} 


DESCRIPTION 


DES-only encryption is set by default. 

e + Sets an account for DES-only encryption. 

e - Releases restriction on an account for DES-only 
encryption. Important: Windows doesn't support 
DES by default. 


Specifies the .keytab file to read from a host computer that is 
not running the Windows operating system. 


Specifies a password for the principal user name that is 
specified by the princ parameter. Use * to prompt fora 


password. 


Sets the minimum length of the random password to 15 
characters. 


Sets the maximum length of the random password to 256 
characters. 


Specifies the keys that are generated in the keytab file: 

e DES-CBC-CRC - Used for compatibility. 

e DES-CBC-MD5 - Adheres more closely to the MIT 
implementation and is used for compatibility. 

e RC4-HMAC-NT - Employs 128-bit encryption. 

e AES256-SHA1 - Employs AES256-CTS-HMAC-SHA1- 
96 encryption. 

e AES128-SHA1 - Employs AES128-CTS-HMAC-SHA1- 
96 encryption. 

e All - States that all supported cryptographic types can 
be used. 


Note: Because the default settings are based on older 
MIT versions, you should always use the /crypto 


parameter. 


Specifies the iteration count that is used for AES encryption. 
The default ignores itercount for non-AES encryption and 
sets AES encryption to 4,096. 


Specifies the principal type. 

e KRB5 NT PRINCIPAL - The general principal type 
(recommended). 

e KRB5 NT SRV INST - The user service instance 

e KRB5 NT SRV HST - The host service instance 


Specifies the key version number. The default value is 1. 


Sets the background answer mode: 

e - Answers reset password prompts automatically with 
NO. 

e + Answers reset password prompts automatically with 
YES. 


PARAMETER DESCRIPTION 


/target Sets which domain controller to use. The default is for the 
domain controller to be detected, based on the principal 
name. If the domain controller name doesn't resolve, a dialog 
box will prompt for a valid domain controller. 


/rawsalt forces ktpass to use the rawsalt algorithm when generating 
the key. This parameter is optional. 


{-|+}dumpsalt The output of this parameter shows the MIT salt algorithm 
that is being used to generate the key. 


{-|+}setupn Sets the user principal name (UPN) in addition to the service 
principal name (SPN). The default is to set both in the .keytab 
file. 

{-|+}setpass <password> Sets the user's password when supplied. If rndpass is used, a 


random password is generated instead. 


R Displays Help for this command. 


Remarks 


Services running on systems that aren't running the Windows operating system can be configured with 
service instance accounts in AD DS. This allows any Kerberos client to authenticate to services that are not 
running the Windows operating system by using Windows KDCs. 


The /princ parameter isn't evaluated by ktpass and is used as provided. There's no check to see if the 
parameter matches the exact case of the userPrincipalName attribute value when generating the Keytab 
file. Case-sensitive Kerberos distributions using this Keytab file might have problems if there's no exact case 
match, and could even fail during pre-authentication. To check and retrieve the correct userPrincipalName 
attribute value from a LDifDE export file. For example: 


ldifde /f keytab user.ldf /d CN=Keytab User,OU=UserAccounts ,DC=contoso,DC=corp,DC=microsoft,DC=com /p 
base /1 samaccountname,userprincipalname 


Examples 


To create a Kerberos .keytab file for a host computer that isn't running the Windows operating system, you must 


map the principal to the account and set the host principal password. 


1. 


2. 


3. 


Use the active directory User and computers snap-in to create a user account for a service on a computer 
that is not running the Windows operating system. For example, create an account with the name User7. 


Use the ktpass command to set up an identity mapping for the user account by typing: 


ktpass /princ host/User1.contoso.com@CONTOSO.COM /mapuser User1 /pass MyPas$w@rd /out machine.keytab 
/crypto all /ptype KRB5_NT_PRINCIPAL /mapop set 





NOTE 


You cannot map multiple service instances to the same user account. 





Merge the .keytab file with the /Etc/krb5.keytab file on a host computer that isn't running the Windows 
operating system. 


Additional References 


e Command-Line Syntax Key 


label 
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Creates, changes, or deletes the volume label (that is, the name) of a disk. If used without parameters, the label 
command changes the current volume label or deletes the existing label. 


Syntax 


label [/mp] [<volume>] [<label>] 


Parameters 
PARAMETER DESCRIPTION 
/mp Specifies that the volume should be treated as a mount point 
or volume name. 
<volume> Specifies a drive letter (followed by a colon), mount point, or 
volume name. If a volume name is specified, the /mp 
parameter is unnecessary. 
<label> Specifies the label for the volume. 
R Displays help at the command prompt. 
Remarks 


e Windows displays the volume label and serial number (if it has one) as part of the directory listing. 


e An NTFS volume label can be up to 32 characters in length, including spaces. NTFS volume labels retain and 
display the case that was used when the label was created. 


Examples 


To label a disk in drive A that contains sales information for July, type: 


label a:sales-july 


To view and delete the current label for drive C, follow these steps: 


1. At the command prompt, type: 


label 


Output similar to the following should be displayed: 


Volume in drive C: is Main Disk 
Volume Serial Number is 6789-ABCD 
Volume label (32 characters, ENTER for none)? 


2. Press ENTER. The following prompt should be displayed: 
Delete current volume label (Y/N)? 
3. Press Y to delete the current label, or N if you want to keep the existing label. 


Additional References 


e Command-Line Syntax Key 


list 
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Displays a list of disks, of partitions in a disk, of volumes in a disk, or of virtual hard disks (VHDs). 


Syntax 


list { disk | partition | volume | vdisk } 


Parameters 
PARAMETER DESCRIPTION 
disk Displays a list of disks and information about them, such as 
their size, amount of available free space, whether the disk is 
a basic or dynamic disk, and whether the disk uses the 
master boot record (MBR) or GUID partition table (GPT) 
partition style. 
partition Displays the partitions listed in the partition table of the 
current disk. 
volume Displays a list of basic and dynamic volumes on all disks. 
vdisk Displays a list of the VHDs that are attached and/or selected. 
This command lists detached VHDs if they are currently 
selected; however, the disk type is set to Unknown until the 
VHD is attached. The VHD marked with an asterisk (*) has 
focus. 
Remarks 


e When listing partitions on a dynamic disk, the partitions might not correspond to the dynamic volumes 
on the disk. This discrepancy occurs because dynamic disks contain entries in the partition table for the 
system volume or boot volume (if present on the disk). They also contain a partition that occupies the 
remainder of the disk in order to reserve the space for use by dynamic volumes. 


e The object marked with an asterisk (*) has focus. 


e When listing disks, if a disk is missing, its disk number is prefixed with M. For example, the first missing 
disk is numbered MO. 


Examples 


list disk 
list partition 
list volume 
list vdisk 


Additional References 


e Command-Line Syntax Key 


list providers 
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Lists shadow copy providers that are currently registered on the system. 


Syntax 


list providers 


Examples 


To list the currently registered shadow copy providers, type: 


list providers 


Output that is similar to the following displays: 


* ProviderID: {b5946137-7b9f-4925-af8@-51abd60b20d5} 
Type: [1] VSS_PROV_SYSTEM 
Name: Microsoft Software Shadow Copy provider 1.9 
Version: 1.0.0.7 
CLSID: (65eeldba-8ff4-4a58-ac1c-347Øee2f376a) 

1 provider registered. 


Additional References 


e Command-Line Syntax Key 


list shadows 


11/2/2020 * 2 minutes to read * Edit Online 





Lists persistent and existing non-persistent shadow copies that are on the system. 


Syntax 





list shadows {all | set <setID> | id <shadowID>} 

















Parameters 
PARAMETER DESCRIPTION 
all Lists all shadow copies. 
set Lists shadow copies that belong to the specified Shadow Copy 
Set ID. 
id <shadowID> Lists any shadow copy with the specified shadow copy ID. 


Additional References 


e Command-Line Syntax Key 


list writers 
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Lists writers that are on the system. If used without parameters, list displays the output for list metadata by 


default. 


Syntax 


list writers [metadata | detailed | status] 


Parameters 


PARAMETER 


metadata 


detailed 


status 


DESCRIPTION 


Lists the identity and status of writers, and displays metadata 
such as component details and excluded files. This is the 
default parameter. 


Lists the same information as metadata, but also includes the 
full file list for all components. 


Lists only the identity and status of registered writers. 


Examples 


To list only the identity and status of writers, type: 


list writers status 


Output that is similar to the following displays: 


Listing writer status ... 
* WRITER System Writer 

- Status: 5 (VSS WS WAITING FOR BACKUP COMPLETE) 

- Writer Failure code: @0x00000000 (S_OK) 

- Writer ID: {e8132975-6f93-4464-a53e-1050253ae220} 

- Instance ID: {7e631031-c695-4229-9da1-a7de@57e64cb} 
* WRITER Shadow Copy Optimization Writer 

- Status: 1 (VSS_WS_STABLE) 

- Writer Failure code: @0x0000000O (S_OK) 

- Writer ID: (4dc3bdd4-ab48-4dØ7-adbØ-3bee2926fd7f) 

- Instance ID: {9e362607-9794-4dd4-a7cd-b3d5de@aad20} 
* WRITER Registry Writer 

- Status: 1 (VSS_WS_STABLE) 

- Writer Failure code: @0x00000000 (S_OK) 

- Writer ID: {afbab4a2-367d-4d15-a586-71dbb18f8485} 

- Instance ID: (e87ba7e3-f8d8-42d8-b2ee-c76ae26b98e8) 
8 writers listed. 


Additional References 


e Command-Line Syntax Key 


Load metadata 
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Loads a metadata .cab file prior to importing a transportable shadow copy or loads the writer metadata in the 
case of a restore. If used without parameters, load metadata displays help at the command prompt. 


Syntax 


load metadata [<drive>:][<path>]<metadata.cab> 


Parameters 
PARAMETER DESCRIPTION 
[<drive>:][<path>] Specifies the location of the metadata file. 
metadata.cab Specifies the metadata .cab file to load. 
Remarks 


e You can use the import command to import a transportable shadow copy based on the metadata specified 
by load metadata. 


e You must run this command before the begin restore command, to load the selected writers and 


components for the restore. 


Examples 


To load a metadata file called metafile.cab from the default location, type: 


load metadata metafile.cab 


Additional References 


e Command-Line Syntax Key 
e import diskshadow command 


e begin restore command 


lodctr 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Allows you to register or save performance counter name and registry settings in a file and designate trusted 
services. 


Syntax 


lodctr <filename> [/s:<filename>] [/r:<filename>] [/t:<servicename>] 


Parameters 
PARAMETER DESCRIPTION 
<filename> Specifies the name of the initialization file that registers the 
performance counter name settings and explanatory text. 

/s: <filename> Specifies the name of the file to which the performance 
counter registry settings and explanatory text are saved. 

/t Restores counter registry settings and explanatory text from 
current registry settings and cached performance files related 
to the registry. 

/r: «filename> Specifies the name of the file that restores the performance 
counter registry settings and explanatory text. 

Warning: If you use this command, you'll overwrite all 
performance counter registry settings and explanatory 
text, replacing them with the configuration defined in the 
specified file. 

/t: <servicename> Indicates that service <servicename> is trusted. 

/? Displays help at the command prompt. 

Remarks 


e Ifthe information that you supply contains spaces, use quotation marks around the text (for example, "file name 
1"). 


Examples 


To save the current performance registry settings and explanatory text to file “oerf backup 7.txt’, type: 


lodctr /s:"perf backup1.txt" 


Additional References 


e Command-Line Syntax Key 


logman 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 


Creates and manages Event Trace Session and Performance logs and supports many functions of Performance 


Monitor from the command line. 


Syntax 


logman [create | query | start | stop | delete| update | import | export | /?] [options] 


Parameters 


PARAMETER 
logman create 
logman query 
logman start | stop 
logman delete 
logman update 


logman import | export 


Additional References 


e Command-Line Syntax Key 


DESCRIPTION 


Creates a counter, trace, configuration data collector, or API. 


Queries data collector properties. 


Starts or stops data collection. 


Deletes an existing data collector. 


Updates the properties of an existing data collector. 


Imports a data collector set from an XML file or export a 
data collector set to an XML file. 


logman create 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 


Creates a counter, trace, configuration data collector, or API. 


Syntax 


logman create <counter | trace | alert | cfg | api> <[-n] <name>> [options] 


Parameters 


PARAMETER 

logman create counter 
logman create trace 
logman create alert 
logman create cfg 


logman create api 


Additional References 


e Command-Line Syntax Key 


e logman command 


DESCRIPTION 


Creates a counter data collector. 


Creates a trace data collector. 


Creates an alert data collector. 


Creates a configuration data collector. 


Creates an API tracing data collector. 


logman create alert 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Creates an alert data collector. 


Syntax 


logman create alert <[-n] <name>> [options] 


Parameters 

PARAMETER DESCRIPTION 

-S <computer name> Perform the command on the specified remote computer. 

-config <value> Specifies the settings file containing command options. 

[-n] <name> Name of the target object. 

-[-]U <user [password]> Specifies the user to Run As. Entering an * for the password 
produces a prompt for the password. The password is not 
displayed when you type it at the password prompt. 

-m <[start] [stop] [[start] [stop] [...]]> Changes to manual start or stop instead of a scheduled begin 
or end time. 

-rf <[[hh:]mm:]ss> Runs the data collector for the specified period of time. 

-b <M/d/yyyy h:mm:ss[AM|PM]> Begins collecting data at the specified time. 

-e <M/d/yyyy h:mm:ss[AM|PM]> Ends data collection at the specified time. 

-si <[[hh: ]mm: ]ss> Specifies the sample interval for performance counter data 
collectors. 

-O <path|dsn!log> Specifies the output log file or the DSN and log set name ina 
SQL database. 

-[-]r Repeats the data collector daily at the specified begin and end 
times. 

-[-]a Appends an existing log file. 


-[-]ow Overwrites an existing log file. 


PARAMETER 


-[-]V <nnnnnn|mmddhhmm> 


-[-]rc <task> 


-[-]max <value> 


-[-Jenf <[[hh: ]mm:]ss> 


-y 


-cf <filename> 


-[-]el 


-th <threshold [threshold [...]]> 


-[-]rdcs <name> 


-[-]tn <task> 


-[-]targ <argument> 


R 


Remarks 


DESCRIPTION 


Attaches file versioning information to the end of the log file 
name. 


Runs the command specified each time the log is closed. 


Maximum log file size in MB or maximum number of records 
for SQL logs. 


When time is specified, creates a new file when the specified 
time has elapsed. When time is not specified, creates a new file 
when the maximum size is exceeded. 


Answers yes to all questions without prompting. 


Specifies the file listing performance counters to collect. The 
file should contain one performance counter name per line. 


Enables or disables Event Log reporting. 


Specify counters and their threshold values for an alert. 


Specifies the Data Collector Set to start when an alert fires. 


Specifies the task to run when an alert fires. 


Specifies the task arguments to be used with the task 
specified using -tn. 


Displays context-sensitive help. 


e Where [-] is listed, adding an extra hyphen (-) negates the option. 


Examples 


To create a new alert called, new_a/ert which fires when the performance counter % Processor time in the 


Processor(_Total) counter group exceeds the counter value of 50, type: 


logman create alert new_alert -th \Processor(_Total)\% Processor time>5@ 





NOTE 


The defined threshold value is based on the value collected by the counter, so in this example, the value of 50 equates to 


50% Processor time. 





Additional References 


e Command-Line Syntax Key 
e |ogman update alert command 


e logman command 


logman create api 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Creates an API tracing data collector. 


Syntax 


logman create api <[-n] <name>> [options] 


Parameters 

PARAMETER DESCRIPTION 

-S <computer name> Performs the command on the specified remote computer. 

-config <value> Specifies the settings file containing command options. 

[-n] <name> Name of the target object. 

-f <bin|bincirc> Specifies the log format for the data collector. 

-[-]U <user [password]> Specifies the user to Run As. Entering a * for the password 
produces a prompt for the password. The password is not 
displayed when you type it at the password prompt. 

-m <[start] [stop] [[start] [stop] [...]]> Changed to manual start or stop instead of a scheduled begin 
or end time. 

-rf <[[hh: ]mm: ]ss> Run the data collector for the specified period of time. 

-b <M/d/yyyy h:mm:ss[AM|PM]> Begin collecting data at the specified time. 

-e <M/d/yyyy h:mm:ss[AM|PM]> End data collection at the specified time. 

-si <[[hh: ]mm: ]ss> Specifies the sample interval for performance counter data 
collectors. 

-O <path|dsn!log> Specifies the output log file or the DSN and log set name ina 
SQL database. 

-[-]r Repeat the data collector daily at the specified begin and end 


times. 


-[-]a Append an existing log file. 


PARAMETER 


-[-]ow 


-[-]V <nnnnnn|mmddhhmm> 


-[-]rc <task> 


-[-]max <value> 


-[-Jenf <[[hh: ]mm:]ss> 


=y 


-mods <path [path [...]]> 


-inapis <module!api [module!api [...]]> 


-exapis <module!api [module!api [...]]> 


-[-Jano 


-[-]recursive 


-exe <value> 


P? 


Remarks 


DESCRIPTION 


Overwrite an existing log file. 


Attaches file versioning information to the end of the log file 
name. 


Run the command specified each time the log is closed. 


Maximum log file size in MB or maximum number of records 
for SQL logs. 


When time is specified, creates a new file when the specified 
time has elapsed. When time is not specified, creates a new file 
when the maximum size is exceeded. 


Answer yes to all questions without prompting. 


Specifies the list of modules to log API calls from. 


Specifies the list of API calls to include in logging. 


Specifies the list of API calls to exclude from logging. 


Log (-ano) API names only, or do not log only (-ano) API 
names. 


Log (-recursive) or do not log (-recursive) APIs recursively 
beyond the first layer. 


Specifies the full path to an executable for API Tracing. 


Displays context-sensitive help. 


e Where [-] is listed, adding an extra hyphen (-) negates the option. 


Examples 


To create an API trace counter called trace notepad, for the executable file c:\\windows\notepad.exe, and putting the 


results in the file c\\notepad.etl, type: 


logman create api trace_notepad -exe c:\windows\notepad.exe -o c:\notepad.etl 


To create an API trace counter called trace_notepad, for the executable file c:\windows\notepad.exe, collecting 


values produced by the module at c\windows\system32\advapi32.dll, type: 


logman create api trace_notepad -exe c:\windows\notepad.exe -mods c:\windows\system32\advapi32.d11 


To create an API trace counter called trace_notepad, for the executable file c\windows\notepad.exe, excluding the 


API call TlsGetValue produced by the module kernel32.dll, type: 


logman create api trace_notepad -exe c:\windows\notepad.exe -exapis kerne132.d11!TlsGetValue 


Additional References 


e Command-Line Syntax Key 
e logman update api command 


e logman command 


logman create cfg 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Creates a configuration data collector. 


Syntax 


logman create cfg <[-n] <name>> [options] 


Parameters 

PARAMETER DESCRIPTION 

-S <computer name> Performs the command on the specified remote computer. 

-config <value> Specifies the settings file containing command options. 

[-n] <name> Name of the target object. 

-[-]U <user [password]> Specifies the user to Run As. Entering a * for the password 
produces a prompt for the password. The password is not 
displayed when you type it at the password prompt. 

-m <[start] [stop] [[start] [stop] [...]]> Changes to manual start or stop instead of a scheduled begin 
or end time. 

-rf <[[hh:]mm:]ss> Runs the data collector for the specified period of time. 

-b <M/d/yyyy h:mm:ss[AM|PM]> Begins collecting data at the specified time. 

-e <M/d/yyyy h:mm:ss[AM|PM]> Ends data collection at the specified time. 

-si <[[hh:]mm:]ss> Specifies the sample interval for performance counter data 
collectors. 

-O <path|dsn!log> Specifies the output log file or the DSN and log set name in a 
SQL database. 

-[-]r Repeats the data collector daily at the specified begin and end 
times. 

-[-]a Appends an existing log file. 


-[-]ow Overwrites an existing log file. 


PARAMETER DESCRIPTION 


-[-]V  <nnnnnn|mmddhhmm> Attaches file versioning information to the end of the log file 
name. 

-[-]rc <task> Runs the command specified each time the log is closed. 

-[-|max <value> Maximum log file size in MB or maximum number of records 
for SQL logs. 

-[-Jonf <[[hh:]mm:]ss> When time is specified, creates a new file when the specified 


time has elapsed. When time is not specified, creates a new file 
when the maximum size is exceeded. 


-y Answers yes to all questions without prompting. 
-[-Jni Enables (-ni) or disable (-ni) network interface query. 
-reg <path [path [...]]> Specifies registry value(s) to collect. 
-mgt <query [query [...]]> Specifies WMI object(s) to collect using SQL query language. 
-ftc «path [path [...]]> Specifies the full path to the file(s) to collect. 
/ Displays context-sensitive help. 
Remarks 


e Where [-] is listed, adding an extra hyphen (-) negates the option. 


Examples 


To create a configuration data collector called cfg_log, using the registry key 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Currentverion\ , type: 


logman create cfg cfg_log -reg HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Currentverion\\ 


To create a configuration data collector called cfg_log, which records all WMI objects from root\wmi in the 


database column MSNdis_Vendordriverversion , type: 


logman create cfg cfg_log -mgt root\wmi:select * FROM MSNdis_Vendordriverversion 


Additional References 


e Command-Line Syntax Key 
e logman update cfg command 


e@ logman command 


logman create counter 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Creates a counter data collector. 


Syntax 


logman create counter <[-n] <name>> [options] 


Parameters 

PARAMETER DESCRIPTION 

-S <computer name> Perform the command on the specified remote computer. 

-config <value> Specifies the settings file containing command options. 

[-n] <name> Name of the target object. 

-f <bin|bincirc> Specifies the log format for the data collector. 

-[-]U <user [password]> Specifies the user to Run As. Entering an * for the password 
produces a prompt for the password. The password is not 
displayed when you type it at the password prompt. 

-m <[start] [stop] [[start] [stop] [...]]> Changes to manual start or stop instead of a scheduled begin 
or end time. 

-rf <[[hh: ]mm: ]ss> Runs the data collector for the specified period of time. 

-b <M/d/yyyy h:mm:ss[AM|PM]> Begins collecting data at the specified time. 

-e <M/d/yyyy h:mm:ss[AM|PM]> Ends data collection at the specified time. 

-si <[[hh: ]mm: ]ss> Specifies the sample interval for performance counter data 
collectors. 

-O <path|dsn!log> Specifies the output log file or the DSN and log set name ina 
SQL database. 

-[-]r Repeats the data collector daily at the specified begin and end 


times. 


-[-]a Appends an existing log file. 


PARAMETER 


-[-]ow 


-[-]V <nnnnnn|mmddhhmm> 


-[-]rc <task> 


-[-]max <value> 


-[-Jenf <[[hh: ]mm:]ss> 


-y 


-cf <filename> 


-C <path [path [ ]]> 


-SC <value> 


P 


Remarks 


DESCRIPTION 


Overwrites an existing log file. 


Attaches file versioning information to the end of the log file 
name. 


Runs the command specified each time the log is closed. 


Maximum log file size in MB or maximum number of records 
for SQL logs. 


When time is specified, create a new file when the specified 
time has elapsed. When time is not specified, create a new file 
when the maximum size is exceeded. 


Answers yes to all questions without prompting. 


Specifies the file listing performance counters to collect. The 
file should contain one performance counter name per line. 


Specifies performance counter(s) to collect. 


Specifies the maximum number of samples to collect with a 
performance counter data collector. 


Displays context-sensitive help. 


e Where [-] is listed, adding an extra hyphen (-) negates the option. 


Examples 


To create a counter called perf_/og using the % Processor time counter from the Processor(_Total) counter 


category, type: 


logman create counter perf_log -c \Processor(_Total)\% Processor time 


To create a counter called perf_/og using the % Processor time counter from the Processor( Total) counter 


category, creating a log file with a maximum size of 10 MB, and collecting data for 1 minute and 0 seconds, type: 


logman create counter perf_log -c \Processor(_Total)\% Processor time -max 10 -rf 01:00 


Additional References 


e Command-Line Syntax Key 


e logman update counter command 


e logman command 


logman create trace 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Create an event trace data collector. 


Syntax 


logman create trace <[-n] <name>> [options] 


Parameters 

PARAMETER DESCRIPTION 

-S <computer name> Performs the command on the specified remote computer. 

-config <value> Specifies the settings file containing command options. 

-ets Sends commands to Event Trace Sessions directly without 
saving or scheduling. 

[-n] <name> Name of the target object. 

-f <bin|bincirc> Specifies the log format for the data collector. 

-[-]U <user [password]> Specifies the user to Run As. Entering an * for the password 
produces a prompt for the password. The password is not 
displayed when you type it at the password prompt. 

-m <[start] [stop] [[start] [stop] [...]]> Changes to manual start or stop instead of a scheduled begin 
or end time. 

-rf <[[hh: ]mm:]ss> Runs the data collector for the specified period of time. 

-b <M/d/yyyy h:mm:ss[AM|PM]> Begins collecting data at the specified time. 

-e <M/d/yyyy h:mm:ss[AM|PM]> Ends data collection at the specified time. 

-O <path|dsn!log> Specifies the output log file or the DSN and log set name ina 
SQL database. 

-[-]r Repeats the data collector daily at the specified begin and end 
times. 


-[-]a Appends an existing log file. 


PARAMETER 


-[-]ow 


-[-]v <nnnnnn | mmddhhmm> 


-[-]rc <task> 


-[-]max <value> 


-[-]cnf <[[hh:]mm:]ss> 


-ct <perf|system|cycle> 


-In <logger_name> 


-ft <[[hh:]mm:]ss> 


-[-]p <provider [flags [level]]> 


-pf <filename> 


-[-]rt 


-[-Jul 


-bs <value> 


-nb <min max> 


-mode <globalsequence|localsequence|pagedmemory> 


P? 


Remarks 


DESCRIPTION 


Overwrites an existing log file. 


Attaches file versioning information to the end of the log file 
name. 


Runs the command specified each time the log is closed. 


Maximum log file size in MB or maximum number of records 
for SQL logs. 


When time is specified, creates a new file when the specified 
time has elapsed. When time is not specified, creates a new file 
when the maximum size is exceeded. 


Answers yes to all questions without prompting. 


Specifies the Event Trace Session clock type. 


Specifies the logger name for Event Trace Sessions. 


Specifies the Event Trace Session flush timer. 


Specifies a single Event Trace provider to enable. 


Specifies a file listing multiple Event Trace providers to enable. 
The file should be a text file containing one provider per line. 


Runs the Event Trace Session in real-time mode. 


Runs the Event Trace Session in user. 


Specifies the Event Trace Session buffer size in kb. 


Specifies the number of Event Trace Session buffers. 


Specifies the event trace session logger mode, including: 

e Globalsequence - Specifies that the event tracer add 
a sequence number to every event it receives 
irrespective of which trace session received the event. 

e Localsequence - Specifies that the event tracer add 
sequence numbers for events received at a specific 
trace session. When this option is used, duplicate 
sequence numbers can exist across all sessions but will 
be unique within each trace session. 

e Pagedmemory - Specifies that the event tracer use 
paged memory rather than the default non-paged 
memory pool for its internal buffer allocations. 


Displays context-sensitive help. 


e Where [-] is listed, adding an extra hyphen (-) negates the option. 


Examples 


To create an event trace data collector called trace_/og, using no fewer than 16 and no more than 256 buffers, with 
each buffer being 64kb in size, putting the results in c\logfile, type: 


logman create trace trace_log -nb 16 256 -bs 64 -o c:\logfile 


Additional References 


e Command-Line Syntax Key 
e logman update trace command 


e logman command 


logman delete 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 
Deletes an existing data collector. 


Syntax 


logman delete <[-n] <name>> [options] 


Parameters 


PARAMETER 


-S <computer name> 
-config <value> 
[-n] <name> 


-ets 


-[-]Ju <user [password]> 


R 


Examples 


To delete the data collector perf log, type: 


logman delete perf log 


Additional References 


e Command-Line Syntax Key 


e logman command 


DESCRIPTION 


Performs the command on the specified remote computer. 


Specifies the settings file containing command options. 


Name of the target object. 


Sends commands to Event Trace Sessions directly without 
saving or scheduling. 


Specifies the user to Run As. Entering a * for the password 
produces a prompt for the password. The password is not 
displayed when you type it at the password prompt. 


Displays context-sensitive help. 


logman import and logman export 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 


Imports a Data Collector Set from an XML file, or exports a Data Collector Set to an XML file. 


Syntax 


logman import <[-n] <name> <-xml <name> [options] 
logman export <[-n] <name> <-xml <name> [options] 


Parameters 


PARAMETER 


-S <computer name> 
-config <value> 
[-n] <name> 

-xml <name> 


-ets 


-[-]Ju <user [password]> 


Fi 


Examples 


DESCRIPTION 


Perform the command on the specified remote computer. 


Specifies the settings file containing command options. 


Name of the target object. 


Name of the XML file to import or export. 


Sends commands to Event Trace Sessions directly without 
saving or scheduling. 


Specifies the user to Run As. Entering an * for the password 
produces a prompt for the password. The password is not 
displayed when you type it at the password prompt. 


Answers yes to all questions without prompting. 


Displays context-sensitive help. 


To import the XML file c\windows\perf_log.xm/from the computer server_7 as a data collector set called perf log, 


type: 


logman import perf_log -s server_1 -xml c:\windows\perf_log. xml 


Additional References 


e Command-Line Syntax Key 


e logman command 


logman query 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Queries data collector or data collector set properties. 


Syntax 


logman query [providers|Data Collector Set name] [options] 


Parameters 
PARAMETER DESCRIPTION 
-S <computer name> Perform the command on the specified remote computer. 
-config <value> Specifies the settings file containing command options. 
[-n] <name> Name of the target object. 
-ets Sends commands to Event Trace Sessions directly without 

saving or scheduling. 

/? Displays context-sensitive help. 

Examples 


To list all Data Collector Sets configured on the target system, type: 
logman query 

To list the data collectors contained in the Data Collector Set named perf log, type: 
logman query perf log 

To list all available providers of data collectors on the target system, type: 


logman query providers 


Additional References 
e Command-Line Syntax Key 


e logman command 


logman start and logman stop 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


The logman start command starts a data collector and sets the begin time to manual. The logman stop 
command stops a Data Collector Set and sets the end time to manual. 


Syntax 


logman start <[-n] <name>> [options] 
logman stop <[-n] <name>> [options] 


Parameters 
PARAMETER DESCRIPTION 
-S <computer name> Perform the command on the specified remote computer. 
-config <value> Specifies the settings file containing command options. 
[-n] <name> Specifies the name of the target object. 
-ets Sends commands to Event Trace Sessions directly, without 
saving or scheduling. 
-as Performs the requested operation asynchronously. 
-? Displays context-sensitive help. 
Examples 


To start the data collector perf_/og, on the remote computer server_1, type: 


logman start perf_log -s server_1 


Additional References 


e Command-Line Syntax Key 


e logman command 


logman update 
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Updates an existing data collector. 


Syntax 





logman update <counter | trace | alert | cfg | api> <[-n] <name>> [options] 




















Parameters 
PARAMETER DESCRIPTION 
logman update counter Updates a counter data collector. 
logman update alert Updates an alert data collector. 
logman update cfg Updates a configuration data collector. 
logman update api Updates an API tracing data collector. 


Additional References 
e Command-Line Syntax Key 


e logman command 


logman update alert 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Updates the properties of an existing alert data collector. 


Syntax 


logman update alert <[-n] <name>> [options] 


Parameters 

PARAMETER DESCRIPTION 

-S <computer name> Perform the command on the specified remote computer. 

-config <value> Specifies the settings file containing command options. 

[-n] <name> Name of the target object. 

-[-]U <user [password]> Specifies the user to Run As. Entering an * for the password 
produces a prompt for the password. The password is not 
displayed when you type it at the password prompt. 

-m <[start] [stop] [[start] [stop] [...]]> Changes to manual start or stop instead of a scheduled begin 
or end time. 

-rf <[[hh:]mm:]ss> Runs the data collector for the specified period of time. 

-b <M/d/yyyy h:mm:ss[AM|PM]> Begins collecting data at the specified time. 

-e <M/d/yyyy h:mm:ss[AM|PM]> Ends data collection at the specified time. 

-si <[[hh: ]mm: ]ss> Specifies the sample interval for performance counter data 
collectors. 

-O <path|dsn!log> Specifies the output log file or the DSN and log set name in a 
SQL database. 

-[-]r Repeats the data collector daily at the specified begin and end 
times. 

-[-]a Appends an existing log file. 


-[-]ow Overwrites an existing log file. 


PARAMETER 


-[-]v <nnnnnn|mmddhhmm> 


-[-]rc <task> 


-[-]max <value> 





-[-]Jenf <[[hh: ]mm:]ss> 


-cf <filename> 


-[-]el 


-th <threshold [threshold [...]]> 


-[-]rdcs <name> 


-[-]tn <task> 


-[-]targ <argument> 


P? 


Remarks 


DESCRIPTION 


Attaches file versioning information to the end of the log file 
name. 


Runs the command specified each time the log is closed. 


Maximum log file size in MB or maximum number of records 
for SQL logs. 


When time is specified, creates a new file when the specified 
time has elapsed. When time is not specified, creates a new 
file when the maximum size is exceeded. 


Answers yes to all questions without prompting. 


Specifies the file listing performance counters to collect. The 
file should contain one performance counter name per line. 


Enables or disables Event Log reporting. 


Specify counters and their threshold values for an alert. 


Specifies the Data Collector Set to start when an alert fires. 


Specifies the task to run when an alert fires. 


Specifies the task arguments to be used with the task 
specified using -tn. 


Displays context-sensitive help. 


e Where [-] is listed, adding an extra hyphen (-) negates the option. 


Examples 


To update the existing alert called new alert setting the threshold value for the counter % Processor time in the 


Processor(_Total) counter group to 40%, type: 


logman update alert new_alert -th \Processor(_Total)\% Processor time>4e 


Additional References 


e Command-Line Syntax Key 
e logman create alert command 


e logman command 


logman update api 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Updates the properties of an existing API tracing data collector. 


Syntax 


logman update api <[-n] <name>> [options] 


Parameters 

PARAMETER DESCRIPTION 

-S <computer name> Performs the command on the specified remote computer. 

-config <value> Specifies the settings file containing command options. 

[-n] <name> Name of the target object. 

-f <bin|bincirc> Specifies the log format for the data collector. 

-[-]U <user [password]> Specifies the user to Run As. Entering a * for the password 
produces a prompt for the password. The password is not 
displayed when you type it at the password prompt. 

-m <[start] [stop] [[start] [stop] [...]]> Changed to manual start or stop instead of a scheduled begin 
or end time. 

-rf <[[hh: ]mm: ]ss> Run the data collector for the specified period of time. 

-b <M/d/yyyy h:mm:ss[AM|PM]> Begin collecting data at the specified time. 

-e <M/d/yyyy h:mm:ss[AM|PM]> End data collection at the specified time. 

-si <[[hh: ]mm: ]ss> Specifies the sample interval for performance counter data 
collectors. 

-O <path|dsn!log> Specifies the output log file or the DSN and log set name in a 
SQL database. 

-[-]r Repeat the data collector daily at the specified begin and end 
times. 


-[-]a Append an existing log file. 


PARAMETER 


-[-]ow 


-[-]V <nnnnnn|mmddhhmm> 


-[-]Jrc <task> 


-[-]max <value> 


-[-]Jenf <[[hh: ]mm:]ss> 


my 


-mods <path [path [...]]> 


-inapis <module!api [module!api [...]]> 


-exapis <module!api [module!api [...]]> 


-[-Jano 


-[-]recursive 


-exe <value> 


P? 


Remarks 


DESCRIPTION 


Overwrite an existing log file. 


Attaches file versioning information to the end of the log file 
name. 


Run the command specified each time the log is closed. 


Maximum log file size in MB or maximum number of records 
for SQL logs. 


When time is specified, creates a new file when the specified 
time has elapsed. When time is not specified, creates a new 
file when the maximum size is exceeded. 


Answer yes to all questions without prompting. 


Specifies the list of modules to log API calls from. 


Specifies the list of API calls to include in logging. 


Specifies the list of API calls to exclude from logging. 


Log (-ano) API names only, or do not log only (-ano) API 
names. 


Log (-recursive) or do not log (-recursive) APIs recursively 
beyond the first layer. 


Specifies the full path to an executable for API Tracing. 


Displays context-sensitive help. 


e Where [-] is listed, adding an extra hyphen (-) negates the option. 


Examples 


To update an existing API trace counter called trace_notepad| for the executable file c\windows\notepad.exe, by 


excluding the API call TlsGetValue produced by the module kernel32.dll, type: 


logman update api trace_notepad -exe c:\windows\notepad.exe -exapis kernel32.d11!TlsGetValue 


Additional References 


e Command-Line Syntax Key 
e logman create api command 


e logman command 


logman update cfg 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Updates the properties of an existing configuration data collector. 


Syntax 


logman update cfg <[-n] <name>> [options] 


Parameters 

PARAMETER DESCRIPTION 

-S <computer name> Performs the command on the specified remote computer. 

-config <value> Specifies the settings file containing command options. 

[-n] <name> Name of the target object. 

-[-]U <user [password]> Specifies the user to Run As. Entering a * for the password 
produces a prompt for the password. The password is not 
displayed when you type it at the password prompt. 

-m <[start] [stop] [[start] [stop] [...]]> Changes to manual start or stop instead of a scheduled begin 
or end time. 

-rf <[[hh: ]mm: ]ss> Runs the data collector for the specified period of time. 

-b <M/d/yyyy h:mm:ss[AM|PM]> Begins collecting data at the specified time. 

-e <M/d/yyyy h:mm:ss[AM|PM]> Ends data collection at the specified time. 

-si <[[hh:]mm:]ss> Specifies the sample interval for performance counter data 
collectors. 

-0 <path|dsn!log> Specifies the output log file or the DSN and log set name in a 
SQL database. 

-[-]r Repeats the data collector daily at the specified begin and end 
times. 

-[-]a Appends an existing log file. 


-[-Jow Overwrites an existing log file. 


PARAMETER DESCRIPTION 





-[-]V  <nnnnnn|mmddhhmm> Attaches file versioning information to the end of the log file 
name. 

-[-]rc <task> Runs the command specified each time the log is closed. 

-[-]max <value> Maximum log file size in MB or maximum number of records 
for SQL logs. 

-[-]Jenf <[[hh: ]mm:]ss> When time is specified, creates a new file when the specified 


time has elapsed. When time is not specified, creates a new 
file when the maximum size is exceeded. 


-y Answers yes to all questions without prompting. 
-[-]ni Enables (-ni) or disable (-ni) network interface query. 
-reg <path [path [...]]> Specifies registry value(s) to collect. 
-mgt <query [query [...]]> Specifies WMI object(s) to collect using SQL query language. 
-ftc «path [path [...]]> Specifies the full path to the file(s) to collect. 
/? Displays context-sensitive help. 
Remarks 


e Where [-] is listed, adding an extra hyphen (-) negates the option. 


Examples 


To update a configuration data collector called cfg_/og, to collect the registry key 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Currentverion\ , type: 


logman update cfg cfg_log -reg HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Currentverion\ 


Additional References 


e Command-Line Syntax Key 
e logman create cfg command 


e logman command 


logman update counter 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Updates an existing counter data collector's properties. 


Syntax 


logman update counter <[-n] <name>> [options] 


Parameters 

PARAMETER DESCRIPTION 

-S <computer name> Perform the command on the specified remote computer. 

-config <value> Specifies the settings file containing command options. 

[-n] <name> Name of the target object. 

-f <bin|bincirc> Specifies the log format for the data collector. 

-[-]U <user [password]> Specifies the user to Run As. Entering an * for the password 
produces a prompt for the password. The password is not 
displayed when you type it at the password prompt. 

-m <[start] [stop] [[start] [stop] [...]]> Changes to manual start or stop instead of a scheduled begin 
or end time. 

-rf <[[hh: ]mm: ]ss> Runs the data collector for the specified period of time. 

-b <M/d/yyyy h:mm:ss[AM|PM]> Begins collecting data at the specified time. 

-e <M/d/yyyy h:mm:ss[AM|PM]> Ends data collection at the specified time. 

-si <[[hh: ]mm: ]ss> Specifies the sample interval for performance counter data 
collectors. 

-O <path|dsn!log> Specifies the output log file or the DSN and log set name in a 
SQL database. 

-[-]r Repeats the data collector daily at the specified begin and end 
times. 


-[-]a Appends an existing log file. 


PARAMETER 


-[-]ow 


-[-]V <nnnnnn|mmddhhmm> 


-[-]Jrc <task> 


-[-]max <value> 


-[-]Jenf <[[hh: ]mm:]ss> 


y 


-cf <filename> 


-C <path [path [ ]]> 


-SC <value> 


P? 


Remarks 


DESCRIPTION 


Overwrites an existing log file. 


Attaches file versioning information to the end of the log file 
name. 


Runs the command specified each time the log is closed. 


Maximum log file size in MB or maximum number of records 
for SQL logs. 


When time is specified, create a new file when the specified 
time has elapsed. When time is not specified, create a new file 
when the maximum size is exceeded. 


Answers yes to all questions without prompting. 


Specifies the file listing performance counters to collect. The 
file should contain one performance counter name per line. 


Specifies performance counter‘(s) to collect. 


Specifies the maximum number of samples to collect with a 
performance counter data collector. 


Displays context-sensitive help. 


e Where [-] is listed, adding an extra hyphen (-) negates the option. 


Examples 


To create a counter called perf_/og using the % Processor time counter from the Processor(_Total) counter 


category, type: 


logman create counter perf_log -c \Processor(_Total)\% Processor time 


To update an existing counter called perf_/og, changing the sample interval to 10, the log format to CSV, and 


adding versioning to the log file name in the format mmddhhmm, type: 


logman update counter perf_log -si 10 -f csv -v mmddhhmm 


Additional References 


e Command-Line Syntax Key 
e logman create counter command 


e logman command 


logman update trace 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Updates the properties of an existing event trace data collector. 


Syntax 


logman update trace <[-n] <name>> [options] 


Parameters 

PARAMETER DESCRIPTION 

-S <computer name> Performs the command on the specified remote computer. 

-config <value> Specifies the settings file containing command options. 

-ets Sends commands to Event Trace Sessions directly without 
saving or scheduling. 

[-n] <name> Name of the target object. 

-f <bin|bincirc> Specifies the log format for the data collector. 

-[-]U <user [password]> Specifies the user to Run As. Entering an * for the password 
produces a prompt for the password. The password is not 
displayed when you type it at the password prompt. 

-m <[start] [stop] [[start] [stop] [...]]> Changes to manual start or stop instead of a scheduled begin 
or end time. 

-rf <[[hh: ]mm: ]ss> Runs the data collector for the specified period of time. 

-b <M/d/yyyy h:mm:ss[AM|PM]> Begins collecting data at the specified time. 

-e <M/d/yyyy h:mm:ss[AM|PM]> Ends data collection at the specified time. 

-O <path|dsn!log> Specifies the output log file or the DSN and log set name ina 
SQL database. 

-[-]r Repeats the data collector daily at the specified begin and end 
times. 


-[-]a Appends an existing log file. 


PARAMETER 


-[-]ow 


-[-]V <nnnnnn|mmddhhmm> 


-[-]rc <task> 


-[-]max <value> 


-[-]Jenf <[[hh: ]mm:]ss> 


-y 


-ct <perf|system|cycle> 


-In <logger_name> 


-ft <[[hh:]mm:]ss> 


-[-]p <provider [flags [level]]> 


-pf <filename> 


-[-]rt 


-[-Jul 


-bs <value> 


-nb <min max> 


-mode <globalsequence|localsequence|pagedmemory> 


P? 


Remarks 


DESCRIPTION 


Overwrites an existing log file. 


Attaches file versioning information to the end of the log file 
name. 


Runs the command specified each time the log is closed. 


Maximum log file size in MB or maximum number of records 
for SQL logs. 


When time is specified, creates a new file when the specified 
time has elapsed. When time is not specified, creates a new file 
when the maximum size is exceeded. 


Answers yes to all questions without prompting. 


Specifies the Event Trace Session clock type. 


Specifies the logger name for Event Trace Sessions. 


Specifies the Event Trace Session flush timer. 


Specifies a single Event Trace provider to enable. 


Specifies a file listing multiple Event Trace providers to enable. 
The file should be a text file containing one provider per line. 


Runs the Event Trace Session in real-time mode. 


Runs the Event Trace Session in user. 


Specifies the Event Trace Session buffer size in kb. 


Specifies the number of Event Trace Session buffers. 


Specifies the event trace session logger mode, including: 

e Globalsequence - Specifies that the event tracer add 
a sequence number to every event it receives 
irrespective of which trace session received the event. 

e Localsequence - Specifies that the event tracer add 
sequence numbers for events received at a specific 
trace session. When this option is used, duplicate 
sequence numbers can exist across all sessions but will 
be unique within each trace session. 

e Pagedmemory - Specifies that the event tracer use 
paged memory rather than the default non-paged 
memory pool for its internal buffer allocations. 


Displays context-sensitive help. 


e Where [-] is listed, adding an extra hyphen (-) negates the option. 


Examples 


To update an existing event trace data collector called trace /og, changing the maximum log size to 10 MB, 
updating the log file format to CSV, and appending file versioning in the format mmddhhmm, type: 


logman update trace trace_log -max 10 -f csv -v mmddhhmm 


Additional References 


e Command-Line Syntax Key 
e logman create trace command 


e logman command 


logoff 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Logs off a user from a session on a Remote Desktop Session Host server and deletes the session. 


Syntax 


logoff [<sessionname> | <sessionID>] [/server:<servername>] [/v] 


Parameters 
PARAMETER DESCRIPTION 
<sessionname> Specifies the name of the session. This must be an active 
session. 
<sessionID> Specifies the numeric ID which identifies the session to the 
server. 

/server: <servername> Specifies the Remote Desktop Session Host server that 
contains the session whose user you want to log off. If 
unspecified, the server on which you are currently active is 
used. 

N Displays information about the actions being performed. 

/? Displays help at the command prompt. 

Remarks 


e You can always log off yourself from the session to which you are currently logged on. You must, however, 
have Full Control permission to log off users from other sessions. 


e Logging off a user from a session without warning can result in loss of data at the user's session. You should 
send a message to the user by using the msg command to warn the user before taking this action. 


e |f <sessionID> Or <sessionname> isn't specified, logoff logs the user off from the current session. 
e After you log off a user, all processes end and the session is deleted from the server. 
e You can't log off a user from the console session. 


Examples 


To log off a user from the current session, type: 


logoff 


To log off a user from a session by using the session's ID, for example session 72, type: 


logoff 12 


To log off a user from a session by using the name of the session and server, for example session TERMO4 on 
Server, type: 


logoff TERM@4 /server:Server1 


Additional References 


e Command-Line Syntax Key 


e Remote Desktop Services (Terminal Services) Command Reference 


lpq 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Displays the status of a print queue on a computer running Line printer Daemon (LPD). 


Syntax 


lpq -S <servername> -P <printername> [-1] 


Parameters 

PARAMETER DESCRIPTION 

-S <servername> Specifies (by name or IP address) the computer or printer 
sharing device that hosts the LPD print queue with a status 
that you want to display. This parameter is required and must 
be capitalized. 

-P <Printername> Specifies (by name) the printer for the print queue with a 
status that you want to display. This parameter is required 
and must be capitalized. 

- Specifies that you want to display details about the status of 
the print queue. 

/? Displays help at the command prompt. 

Examples 


To display the status of the Laserprinter7 printer queue on an LPD host at 70.0.0.45, type: 


lpq -S 10.0.0.45 -P Laserprinter1 


Additional References 


e Command-Line Syntax Key 


e Print Command Reference 


Jog 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Sends a file to a computer or printer sharing device running the Line printer Daemon (LPD) service in preparation 
for printing. 


Syntax 


Ipr [-S <servername>] -P <printername> [-C <bannercontent>] [-J <jobname>] [-o | -o 1] [-x] [-d] <filename> 
Parameters 
PARAMETER DESCRIPTION 
-S <servername> Specifies (by name or IP address) the computer or printer 


sharing device that hosts the LPD print queue with a status 
that you want to display. This parameter is required and must 
be capitalized. 


-P <printername> Specifies (by name) the printer for the print queue with a 
status that you want to display. To find the name of the 
printer, open the Printers folder. This parameter is required 
and must be capitalized. 


-C <bannercontent> Specifies the content to print on the banner page of the print 
job. If you don't include this parameter, the name of the 
computer from which the print job was sent appears on the 
banner page. This parameter must be capitalized. 


-J <jobname> Specifies the print job name that will be printed on the banner 
page. If you don't include this parameter, the name of the file 
being printed appears on the banner page. This parameter 
must be capitalized. 


[-o | -o 1] Specifies the type of file that you want to print. The parameter 
-o specifies that you want to print a text file. The parameter - 
o | specifies that you want to print a binary file (for example, a 
PostScript file). 


-d Specifies that the data file must be sent before the control file. 
Use this parameter if your printer requires the data file to be 
sent first. For more information, see your printer 
documentation. 


-X Specifies that the Ipr command must be compatible with the 
Sun Microsystems operating system (referred to as SunOS) for 
releases up to and including 4.1.4 ul. 


PARAMETER DESCRIPTION 


«filename> Specifies (by name) the file to be printed. This parameter is 
required. 
/? Displays help at the command prompt. 
Examples 


To print the Document txt text file to the Laserprinter7 printer queue on an LPD host at 70.0.0.45, type: 


lpr -S 10.0.0.45 -P Laserprinter1 -o Document.txt 


To print the PostScript fileps Adobe PostScript file to the Laserprinter7 printer queue on an LPD host at 70.0.0.45, 
type: 


lpr -S 10.0.0.45 -P Laserprinter1 -o 1 PostScript file.ps 
Additional References 


e Command-Line Syntax Key 


e Print Command Reference 


macfile 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Manages File Server for Macintosh servers, volumes, directories, and files. You can automate administrative tasks 
by including a series of commands in batch files and starting them manually or at predetermined times. 


Modify directories in Macintosh-accessible volumes 
To change the directory name, location, owner, group, and permissions for Macintosh-accessible volumes. 


Syntax 


macfile directory[/server:\\<computername>] /path:<directory> [/owner:<ownername>] [/group:<groupname> ] 
[/permissions:<permissions>] 


Parameters 

PARAMETER DESCRIPTION 

/server: \\<computername> Specifies the server on which to change a directory. If omitted, 
the operation is performed on the local computer. 

/path: <directory> Specifies the path to the directory that you want to change. 
This parameter is required. Note: The directory must exist, 
using macfile directory won't create directories. 

/owner: <ownername> Changes the owner of the directory. If omitted, the owner 
name won't change. 

/group: <groupname> Specifies or changes the Macintosh primary group that is 
associated with the directory. If omitted, the primary group 
remains unchanged. 

/permissions: <permissions> Sets permissions on the directory for the owner, primary 
group, and world (everyone). This must be an 11-digit 
number, where the number 1 grants permission and 0 revokes 
permission (for example, 11111011000). If this parameter is 
omitted, permissions remain unchanged. 

/? Displays help at the command prompt. 


Position of permissions digit 


The position of the permissions digit determines which permission is set, including: 
POSITION SETS PERMISSION 
First OwnerSeeFiles 


Second OwnerSeeFolders 


POSITION SETS PERMISSION 


Third OwnerMakechanges 

Fourth GroupSeeFiles 

Fifth GroupSeeFolders 

Sixth GroupMakechanges 

Seventh WorldSeeFiles 

Eighth WorldSeeFolders 

Ninth WorldMakechanges 

Tenth The directory can't be renamed, moved, or deleted. 
Eleventh The changes apply to the current directory and all 


subdirectories. 


Remarks 
e If the information that you supply contains spaces or special characters, use quotation marks around the text 
(for example, " <computer name> "). 


e Use macfile directory to make an existing directory in a Macintosh-accessible volume available to 


Macintosh users. The macfile directory command doesn't create directories. 


e Use File Manager, the command prompt, or the macintosh new folder command to create a directory ina 


Macintosh-accessible volume before you use the macfile directory command. 


Examples 
To assign See Files, See Folders, and Make changes permissions to the owner, to set See Folder permissions to all 
other users, and to prevent the directory from being renamed, moved, or deleted, type: 


macfile directory /path:e:\statistics\may sales /permissions:11111011000 


Where the subdirectory is May sales, located in the Macintosh-accessible volume Statistics, on the EN drive of the 
local server. 


Join a Macintosh file's data and resource forks 


To specify the server on which to join files, who created the file, the type of file, where the data fork is located, 
where the resource fork is located, and where the output file should be located. 


Syntax 


macfile forkize[/server:\\<computername>] [/creator:<creatorname>] [/type:<typename>] [/datafork:<filepath>] 
[/resourcefork:<filepath>] /targetfile:<filepath> 


Parameters 


PARAMETER DESCRIPTION 


/server: \\<computername> Specifies the server on which to join files. If omitted, the 
operation is performed on the local computer. 


/creator: <creatorname> Specifies the creator of the file. The Macintosh finder uses the 
/creator command-line option to determine the application 
that created the file. 


/type: <typename> Specifies the type of file. The Macintosh finder uses the /type 
command-line option to determine the file type within the 
application that created the file. 


/datafork: <filepath> Specifies the location of the data fork that is to be joined. You 
can specify a remote path. 


/resourcefork: <filepath> Specifies the location of the resource fork that is to be joined. 
You can specify a remote path. 


/targetfile: <filepath> Specifies the location of the file that's created by joining a data 
fork and a resource fork, or specifies the location of the file 
whose type or creator you are changing. The file must be on 
the specified server. This parameter is required. 


R Displays help at the command prompt. 


Remarks 
e If the information that you supply contains spaces or special characters, use quotation marks around the text 


(for example, " <computer name> "). 


Examples 

To create the file free app on the Macintosh-accessible volume D:\Re/ease, using the resource fork 
C:\Cross\Mac\Appcode, and to make this new file appear to Macintosh clients as an application (Macintosh 
applications use the type APPL) with the creator (signature) set to MAGNOLIA, type: 


macfile forkize /resourcefork:c:\cross\mac\appcode /type:APPL /creator:MAGNOLIA 
/targetfile:D:\Release\tree_app 


To change the file creator to Microsoft Word 5.7, for the file Word.txtin the directory D:\Word documents\Group 
files, on the server |ServerA, type: 


macfile forkize /server:\\ServerA /creator:MSWD /type:TEXT /targetfile:d:\Word documents\Group files\Word.txt 


Change the sign-in message and limit sessions 


To change the sign on message that appears when a user signs in to the File Server for Macintosh server and to 
limit the number of users who can simultaneously use File and print Servers for Macintosh. 


Syntax 


macfile server [/server:\\<computername>] [/maxsessions:{number | unlimited}] [/loginmessage:<message>] 


Parameters 


PARAMETER DESCRIPTION 


/server: \\<computername> Specifies the server on which to change parameters. If 
omitted, the operation is performed on the local computer. 


/maxsessions: {number | unlimited} Specifies the maximum number of users who can 
simultaneously use File and print Servers for Macintosh. If 
omitted, the maxsessions setting for the server remains 
unchanged. 


/loginmessage: <message> Changes the message Macintosh users see when signing in to 
the File Server for Macintosh server. The maximum number of 
characters for the sign-in message is 199. If omitted, the 
loginmessage message for the server remains unchanged. 
To remove an existing sign-in message, include the 
/loginmessage parameter, but leave the message variable 
blank. 


/? Displays help at the command prompt. 


Remarks 
e If the information that you supply contains spaces or special characters, use quotation marks around the text 


(for example, " <computer name> "). 


Examples 


To change the number of permitted File and print Server for Macintosh sessions on the local server to five sessions, 
and to add the sign-in message "Sign off from Server for Macintosh when you are finished", type: 


macfile server /maxsessions:5 /loginmessage:Sign off from Server for Macintosh when you are finished 


Add, change, or remove Macintosh-accessible volumes 


To add, change, or remove a Macintosh-accessible volume. 


Syntax 


macfile volume {/add|/set} [/server:\\<computername>] /name:<volumename>/path:<directory>[/readonly:{true | 
false}] [/guestsallowed:{true | false}] [/password:<password>] [/maxusers:{<number>>|unlimited}] 
macfile volume /remove[/server:\\<computername>] /name:<volumename> 


Parameters 
PARAMETER DESCRIPTION 
{/add | /set} Required when adding or changing a Macintosh-accessible 
volume. Adds or changes the specified volume. 

/server: \\<computername> Specifies the server on which to add, change, or remove a 
volume. If omitted, the operation is performed on the local 
computer. 

/name: <volumename> Required. Specifies the volume name to be added, changed, or 


removed. 


PARAMETER DESCRIPTION 


/path: <directory> Required and valid only when you are adding a volume. 
Specifies the path to the root directory of the volume to be 
added. 

/readonly: {true | false} Specifies whether users can change files in the volume. Use 


True to specify that users can't change files in the volume. Use 
False to specify that users can change files in the volume. If 
omitted when adding a volume, changes to files are allowed. If 
omitted when changing a volume, the readonly setting for 
the volume remains unchanged. 


/guestsallowed: {true | false} Specifies whether users who log on as guests can use the 
volume. Use True to specify that guests can use the volume. 
Use False to specify that guests can't use the volume. If 
omitted when adding a volume, guests can use the volume. If 
omitted when changing a volume, the guestsallowed setting 
for the volume remains unchanged. 


/password: <password> Specifies a password that will be required to access the 
volume. If omitted when adding a volume, no password is 
created. If omitted when changing a volume, the password 
remains unchanged. 


/maxusers: {<number>> | unlimited} Specifies the maximum number of users who can 
simultaneously use the files on the volume. If omitted when 
adding a volume, an unlimited number of users can use the 
volume. If omitted when changing a volume, the maxusers 
value remains unchanged. 


/remove Required when you are removing a Macintosh-accessible 
volume. removes the specified volume. 


R Displays help at the command prompt. 


Remarks 
e If the information that you supply contains spaces or special characters, use quotation marks around the text 


(for example, " <computer name> "). 


Examples 
To create a volume called US Marketing Statistics on the local server, using the Stats directory in the E drive, and to 
specify that the volume cannot be accessed by guests, type: 


macfile volume /add /name:US Marketing Statistics /guestsallowed:false /path:e:\Stats 


To change the volume created above to be read-only, to require a password, and to set the number of maximum 
users to five, type: 


macfile volume /set /name:US Marketing Statistics /readonly:true /password:saturn /maxusers:5 


To add a volume called Landscape Design, on the server \Magnolia, using the trees directory in the E drive, and to 
specify that the volume can be accessed by guests, type: 


macfile volume /add /server:\\Magnolia /name:Landscape Design /path:e:\trees 


To remove the volume called Sales Reports on the local server, type: 


macfile volume /remove /name:Sales Reports 


Additional References 


e Command-Line Syntax Key 


makecab 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Package existing files into a cabinet (. 


cab) file. 





NOTE 


This command is the same as the diantz command. 





Syntax 


makecab [/v[n]] [/d var=<value> 
makecab [/v[<n>]] [/d var=<value> 


Parameters 


PARAMETER 


<source> 


<destination> 


/f <directives file> 
/d var= <value> 

/\ <dir> 

N[ <n> ] 


i 


Additional References 
e Command-Line Syntax Key 
e diantz command 


e Microsoft Cabinet format 


+++] [/1 <dir>] <source> [<destination>] 


sas] /f <dinectives file> [...] 


DESCRIPTION 


File to compress. 


File name to give compressed file. If omitted, the last character 
of the source file name is replaced with an underscore (_) and 
used as the destination. 


A file with makecab directives (may be repeated). 


Defines variable with specified value. 


Location to place destination (default is current directory). 


Set debugging verbosity level (0=none....,3=full). 


Displays help at the command prompt. 


manage-bde 
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Turns on or turns off BitLocker, specifies unlock mechanisms, updates recovery methods, and unlocks BitLocker- 
protected data drives. 





NOTE 


This command-line tool can be used in place of the BitLocker Drive Encryption Control Panel item. 





Syntax 


manage-bde [-status] [-on] [-off] [-pause] [-resume] [-lock] [-unlock] [-autounlock] [-protectors] [-tpm] 
[-setidentifier] [-forcerecovery] [-changepassword] [-changepin] [-changekey] [-keypackage] [-upgrade] [- 
wipefreespace] [{-?|/?}] [{-help|-h}] 


Parameters 

PARAMETER DESCRIPTION 

manage-bde status Provides information about all drives on the computer, 
whether or not they are BitLocker- protected. 

manage-bde on Encrypts the drive and turns on BitLocker. 

manage-bde off Decrypts the drive and turns off BitLocker. All key protectors 
are removed when decryption is complete. 

manage-bde pause Pauses encryption or decryption. 

manage-bde resume Resumes encryption or decryption. 

manage-bde lock Prevents access to BitLocker-protected data. 

manage-bde unlock Allows access to BitLocker-protected data with a recovery 
password or a recovery key. 

manage-bde autounlock Manages automatic unlocking of data drives. 

manage-bde protectors Manages protection methods for the encryption key. 

manage-bde tpm Configures the computer's Trusted Platform Module (TPM). 


This command isn't supported on computers running 
Windows 8 or win8_server_2. To manage the TPM on 
these computers, use either the TPM Management MMC 
snap-in or the TPM Management cmdlets for Windows 
PowerShell. 


PARAMETER 


manage-bde setidentifier 


manage-bde ForceRecovery 


manage-bde changepassword 
manage-bde changepin 
manage-bde changekey 
manage-bde KeyPackage 
manage-bde upgrade 
manage-bde WipeFreeSpace 
-70r /? 


-help or -h 


Additional References 


e Command-Line Syntax Key 


e Enabling BitLocker by Using the Command Line 


DESCRIPTION 


Sets the drive identifier field on the drive to the value 
specified in the Provide the unique identifiers for your 
organization Group Policy setting. 


Forces a BitLocker-protected drive into recovery mode on 
restart. This command deletes all TPM-related key protectors 
from the drive. When the computer restarts, only a recovery 
password or recovery key can be used to unlock the drive. 


Modifies the password for a data drive. 


Modifies the PIN for an operating system drive. 


Modifies the startup key for an operating system drive. 


Generates a key package for a drive. 


Upgrades the BitLocker version. 


Wipes the free space on a drive. 


Displays brief Help at the command prompt. 


Displays complete Help at the command prompt. 


manage-bde status 
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Provides information about all drives on the computer; whether or not they are BitLocker-protected, including: 
e Size 

e BitLocker version 

e Conversion status 

e Percentage encrypted 

e Encryption method 

e Protection status 

e Lock status 

e Identification field 


e Key protectors 


Syntax 


manage-bde -status [<drive>] [-protectionaserrorlevel] [-computername <name>] [{-?|/?}] [{-help|-h}] 


Parameters 
PARAMETER DESCRIPTION 
<drive> Represents a drive letter followed by a colon. 
-protectionaserrorlevel Causes the manage-bde command-line tool to send the 
return code of 0 if the volume is protected and 1 if the 
volume is unprotected; most commonly used for batch scripts 
to determine if a drive is BitLocker-protected. You can also use 
-p as an abbreviated version of this command. 
-computername Specifies that manage-bde.exe will be used to modify 
BitLocker protection on a different computer. You can also use 
-cn as an abbreviated version of this command. 
<name> Represents the name of the computer on which to modify 
BitLocker protection. Accepted values include the computer's 
NetBIOS name and the computer's IP address. 
-? or /? Displays brief Help at the command prompt. 
-help or -h Displays complete Help at the command prompt. 
Examples 


To display the status of drive C, type: 


manage-bde -status C: 


Additional References 


e Command-Line Syntax Key 


@ manage-bde command 


manage-bde on 


11/2/2020 * 3 minutes to read * Edit Online 





Encrypts the drive and turns on BitLocker. 


Syntax 


manage-bde -on <drive> ([-recoverypassword <numericalpassword>]|[-recoverykey <pathtoexternaldirectory>]|[- 
startupkey <pathtoexternalkeydirectory>]|[-certificate] | 

[-tpmandpin] | [-tpmandpinandstartupkey <pathtoexternalkeydirectory>] | [-tpmandstartupkey 
<pathtoexternalkeydirectory>]|[-password]|[-ADaccountorgroup <domain\account>]} 
[-usedspaceonly][-encryptionmethod {aes128_diffuser|aes256_diffuser|aes128|aes256}] [-skiphardwaretest] [- 
discoveryvolumetype <filesystemtype>] [-forceencryptiontype <type>] [-removevolumeshadowcopies ][-computername 
<name>] 


[{-?]/?}] [{-help|-h}] 


Parameters 
PARAMETER DESCRIPTION 
<drive> Represents a drive letter followed by a colon. 
-recoverypassword Adds a numerical password protector. You can also use -rp as 
an abbreviated version of this command. 
<numericalpassword> Represents the recovery password. 
-recoverykey Adds an external key protector for recovery. You can also use 
-rk as an abbreviated version of this command. 
<pathtoexternaldirectory> Represents the directory path to the recovery key. 
-startupkey Adds an external key protector for startup. You can also use - 
sk as an abbreviated version of this command. 
<pathtoexternalkeydirectory> Represents the directory path to the startup key. 
-certificate Adds a public key protector for a data drive. You can also use 
-cert as an abbreviated version of this command. 
-tpmandpin Adds a Trusted Platform Module (TPM) and personal 
identification number (PIN) protector for the operating system 
drive. You can also use -tp as an abbreviated version of this 
command. 
-tpmandstartupkey Adds a TPM and startup key protector for the operating 


system drive. You can also use -tsk as an abbreviated version 
of this command. 


PARAMETER 


-tpmandpinandstartupkey 


-password 


-ADaccountorgroup 


-usedspaceonly 


-encryptionMethod 


-skiphardwaretest 


-discoveryvolumetype 


-forceencryptiontype 


-removevolumeshadowcopies 


<filesystemtype> 


-computername 


<name> 


DESCRIPTION 


Adds a TPM, PIN, and startup key protector for the operating 
system drive. You can also use -tpsk as an abbreviated 
version of this command. 


Adds a password key protector for the data drive. You can 
also use -pw as an abbreviated version of this command. 


Adds a SID-based identity protector for the volume. The 
volume will automatically unlock if the user or computer has 
the proper credentials. When specifying a computer account, 
append a $ to the computer name and specify -service to 
indicate that the unlock should happen in the content of the 
BitLocker server instead of the user. You can also use -sid as 
an abbreviated version of this command. 


Sets the encryption mode to Used Space Only encryption. 
The sections of the volume containing used space will be 
encrypted but the free space will not. If this option is not 
specified, all used space and free space on the volume will be 
encrypted. You can also use -used as an abbreviated version 
of this command. 


Configures the encryption algorithm and key size. You can 
also use -em as an abbreviated version of this command. 


Begins encryption without a hardware test. You can also use - 
s as an abbreviated version of this command. 


Specifies the file system to use for the discovery data drive. 
The discovery data drive is a hidden drive added to a FAT- 
formatted, BitLocker-protected removable data drive that 
contains the BitLocker To Go Reader. 


Forces BitLocker to use either software or hardware 
encryption. You can specify either Hardware or Software as 
the encryption type. If the hardware parameter is selected, 
but the drive doesn't support hardware encryption, manage- 
bde returns an error. If Group Policy settings forbids the 
specified encryption type, manage-bde returns an error. You 
can also use -fet as an abbreviated version of this command. 


Force deletion of Volume Shadow Copies for the volume. You 
won't be able to restore this volume using previous system 
restore points after running this command. You can also use - 
rvsc as an abbreviated version of this command. 


Specifies which file systems can be used with discovery data 
drives: FAT32, default, or none. 


Specifies that manage-bde is being used to modify BitLocker 
protection on a different computer. You can also use -cn as an 
abbreviated version of this command. 


Represents the name of the computer on which to modify 
BitLocker protection. Accepted values include the computer's 
NetBIOS name and the computer's IP address. 


PARAMETER DESCRIPTION 


-? or /? Displays brief Help at the command prompt. 
-help or -h Displays complete Help at the command prompt. 
Examples 


To turn on BitLocker for drive C, and to add a recovery password to the drive, type: 


manage-bde -on C: -recoverypassword 
To turn on BitLocker for drive C, add a recovery password to the drive, and to save a recovery key to drive E, type: 
manage-bde -on C: -recoverykey E:\ -recoverypassword 


To turn on BitLocker for drive C, using an external key protector (such as a USB key) to unlock the operating 
system drive, type: 


manage-bde -on C: -startupkey E:\ 





IMPORTANT 


This method is required if you are using BitLocker with computers that don't have a TPM. 





To turn on BitLocker for data drive E, and to add a password key protector, type: 


manage-bde -on E: -pw 


To turn on BitLocker for operating system drive C, and to use hardware-based encryption, type: 


manage-bde -on C: -fet hardware 


Additional References 


e Command-Line Syntax Key 

@ manage-bde off command 

@ manage-bde pause command 
@ manage-bde resume command 


@ manage-bde command 


manage-bde off 
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Decrypts the drive and turns off BitLocker. All key protectors are removed when decryption is complete. 


Syntax 


manage-bde -off [<volume>] [-computername <name>] [{-?|/?}] [{-help|-h}] 


Parameters 


PARAMETER 


<volume> 


-computername 


<name> 


-? or /? 


-help or -h 


Examples 


To turn off BitLocker on drive C, type: 


manage-bde -off C: 


Additional References 


e Command-Line Syntax Key 

@ manage-bde on command 

@ manage-bde pause command 
@ manage-bde resume command 


@ manage-bde command 


DESCRIPTION 


Specifies a drive letter followed by a colon, a volume GUID 
path, or a mounted volume. 


Specifies that manage-bde.exe will be used to modify 
BitLocker protection on a different computer. You can also use 
-cn as an abbreviated version of this command. 


Represents the name of the computer on which to modify 
BitLocker protection. Accepted values include the computer's 
NetBIOS name and the computer's IP address. 


Displays brief Help at the command prompt. 


Displays complete Help at the command prompt. 


manage-bde -pause 
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Pauses BitLocker encryption or decryption. 


Syntax 


manage-bde -pause [<volume>] [-computername <name>] [{-?|/?}] [{-help|-h}] 


Parameters 
PARAMETER DESCRIPTION 
<volume> Specifies a drive letter followed by a colon, a volume GUID 
path, or a mounted volume. 
-computername Specifies that manage-bde.exe will be used to modify 
BitLocker protection on a different computer. You can also use 
-cn as an abbreviated version of this command. 
<name> Represents the name of the computer on which to modify 
BitLocker protection. Accepted values include the computer's 
NetBIOS name and the computer's IP address. 
-? or /? Displays brief Help at the command prompt. 
-help or -h Displays complete Help at the command prompt. 
Examples 


To pause BitLocker encryption on drive C, type: 


manage-bde -pause C: 


Additional References 


e Command-Line Syntax Key 
e manage-bde on command 
e manage-bde off command 
e manage-bde resume command 


e manage-bde command 


manage-bde resume 
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Resumes BitLocker encryption or decryption after it has been paused. 


Syntax 


manage-bde -resume [<drive>] [-computername <name>] [{-?|/?}] [{-help|-h}] 


Parameters 
PARAMETER DESCRIPTION 
<drive> Represents a drive letter followed by a colon. 
-computername Specifies that manage-bde.exe will be used to modify 
BitLocker protection on a different computer. You can also use 
-cn as an abbreviated version of this command. 
<name> Represents the name of the computer on which to modify 
BitLocker protection. Accepted values include the computer's 
NetBIOS name and the computer's IP address. 
-? or /? Displays brief Help at the command prompt. 
-help or -h Displays complete Help at the command prompt. 
Examples 


To resume BitLocker encryption on drive C, type: 


manage-bde -resume C: 


Additional References 


e Command-Line Syntax Key 
e manage-bde on command 
e manage-bde off command 
e manage-bde pause command 


e manage-bde command 


manage-bde lock 
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Locks a BitLocker-protected drive to prevent access to it unless the unlock key is provided. 


Syntax 


manage-bde -lock [<drive>] [-computername <name>] [{-?|/?}] [{-help|-h}] 


Parameters 
PARAMETER DESCRIPTION 
<drive> Represents a drive letter followed by a colon. 
-computername Specifies that manage-bde.exe will be used to modify 
BitLocker protection on a different computer. You can also use 
-cn as an abbreviated version of this command. 
<name> Represents the name of the computer on which to modify 
BitLocker protection. Accepted values include the computer's 
NetBIOS name and the computer's IP address. 
-? or /? Displays brief Help at the command prompt. 
-help or -h Displays complete Help at the command prompt. 
Examples 


To lock data drive D, type: 


manage-bde -lock D: 


Additional References 


e Command-Line Syntax Key 


@ manage-bde command 


manage-bde unlock 
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Unlocks a BitLocker-protected drive by using a recovery password or a recovery key. 


Syntax 


manage-bde -unlock {-recoverypassword <password>|-recoverykey <pathtoexternalkeyfile>} <drive> [-certificate 
{-cf pathtocertificatefile | -ct certificatethumbprint} {-pin}] [-password] [-computername <name>] [{-?|/?}] 


[{-help|-h}] 


Parameters 


PARAMETER 


= recoverypassword 


<password> 


-recoverykey 


<pathtoexternalkeyfile> 


<drive> 


-certificate 


-cf <pathtocertificatefile> 


-Ct <certificatethumbprint> 


-password 


-computername 


DESCRIPTION 


Specifies that a recovery password will be used to unlock the 
drive. You can also use -rp as an abbreviated version of this 
command. 


Represents the recovery password that can be used to unlock 
the drive. 


Specifies that an external recovery key file will be used to 
unlock the drive. You can also use -rk as an abbreviated 
version of this command. 


Represents the external recovery key file that can be used to 
unlock the drive. 


Represents a drive letter followed by a colon. 


The local user certificate for a BitLocker certificate to unlock 
the volume is located in the local user certificate store. You 
can also use -cert as an abbreviated version of this 
command. 


Path to the certificate file. 


Certificate thumbprint which may optionally include the PIN (- 
pin). 


Presents a prompt for the password to unlock the volume. 
You can also use -pw as an abbreviated version of this 
command. 


Specifies that manage-bde.exe will be used to modify 
BitLocker protection on a different computer. You can also use 
-cn as an abbreviated version of this command. 


PARAMETER DESCRIPTION 


<name> Represents the name of the computer on which to modify 
BitLocker protection. Accepted values include the computer's 
NetBIOS name and the computer's IP address. 


-? or /? Displays brief Help at the command prompt. 
-help or -h Displays complete Help at the command prompt. 
Examples 


To unlock drive E with a recovery key file that's been saved to a backup folder on another drive, type: 


manage-bde -unlock E: -recoverykey F:\Backupkeys\recoverykey.bek 


Additional References 


e Command-Line Syntax Key 


e manage-bde command 


manage-bde autounlock 
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Manages the automatic unlocking of BitLocker-protected data drives. 


Syntax 


manage-bde -autounlock [{-enable|-disable|-clearallkeys}] <drive> [-computername <name>] [{-?|/?}] [{-help| - 


h}] 


Parameters 
PARAMETER DESCRIPTION 
-enable Enables automatic unlocking for a data drive. 
-disable Disables automatic unlocking for a data drive. 
-clearallkeys Removes all stored external keys on the operating system 
drive. 
<drive> Represents a drive letter followed by a colon. 
-computername Specifies that manage-bde.exe will be used to modify 
BitLocker protection on a different computer. You can also use 
-cn as an abbreviated version of this command. 
<name> Represents the name of the computer on which to modify 
BitLocker protection. Accepted values include the computer's 
NetBIOS name and the computer's IP address. 
-? or /? Displays brief Help at the command prompt. 
-help or -h Displays complete Help at the command prompt. 
Examples 


To enable automatic unlocking of data drive E, type: 


manage-bde -autounlock -enable E: 


Additional References 
e Command-Line Syntax Key 


e manage-bde command 


manage-bde protectors 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016 
Manages the protection methods used for the BitLocker encryption key. 


Syntax 


manage-bde -protectors [{-get|-add|-delete|-disable|-enable|-adbackup|-aadbackup}] <drive> [-computername 


<name>] [{-?]/?}] [{-help|-h}] 


Parameters 


PARAMETER DESCRIPTION 


-get Displays all the key protection methods enabled on the drive 
and provides their type and identifier (ID). 


-add Adds key protection methods as specified by using additional 
-add parameters. 


-delete Deletes key protection methods used by BitLocker. All key 
protectors will be removed from a drive unless the optional - 
delete parameters are used to specify which protectors to 
delete. When the last protector on a drive is deleted, BitLocker 
protection of the drive is disabled to ensure that access to 
data is not lost inadvertently. 


-disable Disables protection, which will allow anyone to access 
encrypted data by making the encryption key available 
unsecured on drive. No key protectors are removed. 
Protection will be resumed the next time Windows is booted 
unless the optional -disable parameters are used to specify 
the reboot count. 


-enable Enables protection by removing the unsecured encryption key 
from the drive. All configured key protectors on the drive will 
be enforced. 


-adbackup Backs up all recovery information for the drive specified to 
Active Directory Domain Services (AD DS). To back up only a 
single recovery key to AD DS, append the -id parameter and 
specify the ID of a specific recovery key to back up. 


-aadbackup Backs up all recovery information for the drive specified to 
Azure Active Directory (Azure AD). To back up only a single 
recovery key to Azure AD, append the -id parameter and 
specify the ID of a specific recovery key to back up. 


<drive> Represents a drive letter followed by a colon. 


PARAMETER 


-computername 


<name> 


-? or /? 


-help or -h 


Additional -add parameters 


DESCRIPTION 


Specifies that manage-bde.exe will be used to modify 
BitLocker protection on a different computer. You can also use 
-cn as an abbreviated version of this command. 


Represents the name of the computer on which to modify 
BitLocker protection. Accepted values include the computer's 
NetBIOS name and the computer's IP address. 


Displays brief help at the command prompt. 


Displays complete help at the command prompt. 


The -add parameter can also use these valid additional parameters. 


manage-bde -protectors -add [<drive>] [-forceupgrade] [-recoverypassword <numericalpassword>] [-recoverykey 


<pathtoexternalkeydirectory>] 


[-startupkey <pathtoexternalkeydirectory>] [-certificate {-cf <pathtocertificatefile>|-ct 


<certificatethumbprint>}] [-tpm] [-tpmandpin] 


[-tpmandstartupkey <pathtoexternalkeydirectory>] [-tpmandpinandstartupkey <pathtoexternalkeydirectory>] [- 


password][-adaccountorgroup <securityidentifier> [-computername <name>] 


[{-?|/?}] [{-help|-h}] 


PARAMETER 


<drive> 


-recoverypassword 


<numericalpassword> 


-recoverykey 


<pathtoexternalkeydirectory> 


-startupkey 


<pathtoexternalkeydirectory> 


-certificate 


-cf 


-Ct 


DESCRIPTION 


Represents a drive letter followed by a colon. 


Adds a numerical password protector. You can also use -rp as 
an abbreviated version of this command. 


Represents the recovery password. 


Adds an external key protector for recovery. You can also use 
-rk as an abbreviated version of this command. 


Represents the directory path to the recovery key. 


Adds an external key protector for startup. You can also use - 
sk as an abbreviated version of this command. 


Represents the directory path to the startup key. 


Adds a public key protector for a data drive. You can also use 
-cert as an abbreviated version of this command. 


Specifies that a certificate file will be used to provide the public 
key certificate. 


Represents the directory path to the certificate file. 


Specifies that a certificate thumbprint will be used to identify 
the public key certificate 


PARAMETER 


<certificatethumbprint> 


-tpmandpin 


-tpmandstartupkey 


-tpmandpinandstartupkey 


-password 


-adaccountorgroup 


-computername 


<name> 


-? or /? 


-help or -h 


Additional -delete parameters 


manage-bde -protectors -delete <drive> [-type 


DESCRIPTION 


Specifies the value of the thumbprint property of the 
certificate you want to use. For example, a certificate 
thumbprint value of a9 09 50 2d d8 2a e4 14 33 e6 f8 38 86 
bO Od 42 77 a3 2a 7b should be specified as 
a909502dd82ae41433e6f83886b00d4277a32a7b. 


Adds a Trusted Platform Module (TPM) and personal 
identification number (PIN) protector for the operating system 
drive. You can also use -tp as an abbreviated version of this 
command. 


Adds a TPM and startup key protector for the operating 
system drive. You can also use -tsk as an abbreviated version 
of this command. 


Adds a TPM, PIN, and startup key protector for the operating 
system drive. You can also use -tpsk as an abbreviated 
version of this command. 


Adds a password key protector for the data drive. You can 
also use -pw as an abbreviated version of this command. 


Adds a security identifier(SID)-based identity protector for the 
volume. You can also use -sid as an abbreviated version of 
this command. IMPORTANT: By default, you can't add an 
ADaccountorgroup protector remotely using either WMI or 
manage-bde. If your deployment requires the ability to add 
this protector remotely, you must enable constrained 
delegation. 


Specifies that manage-bde is being used to modify BitLocker 
protection on a different computer. You can also use -cn as an 
abbreviated version of this command. 


Represents the name of the computer on which to modify 
BitLocker protection. Accepted values include the computer's 
NetBIOS name and the computer's IP address. 


Displays brief help at the command prompt. 


Displays complete help at the command prompt. 


(recoverypassword|externalkey|certificate|tpm|tpmandstartupkey|tpmandpin|tpmandpinandstartupkey|Password|Ident 


ity)] 


[-id <keyprotectorID>] [-computername <name>] [{-?|/?}] [{-help|-h}] 


PARAMETER 


<drive> 


-type 


DESCRIPTION 


Represents a drive letter followed by a colon. 


Identifies the key protector to delete. You can also use -t as 
an abbreviated version of this command. 


PARAMETER 


recoverypassword 


externalkey 


certificate 


tom 


tpmandstartupkey 


tpmandpin 


tpmandpinandstartupkey 


password 


identity 


<keyprotectorID> 


-computername 


<name> 


-? or /? 


-help or -h 


Additional -disable parameters 


DESCRIPTION 


Specifies that any recovery password key protectors should be 
deleted. 


Specifies that any external key protectors associated with the 
drive should be deleted. 


Specifies that any certificate key protectors associated with 
the drive should be deleted. 


Specifies that any TPM-only key protectors associated with 
the drive should be deleted. 


Specifies that any TPM and startup key based key protectors 
associated with the drive should be deleted. 


Specifies that any TPM and PIN based key protectors 
associated with the drive should be deleted. 


Specifies that any TPM, PIN, and startup key based key 
protectors associated with the drive should be deleted. 


Specifies that any password key protectors associated with the 
drive should be deleted. 


Specifies that any identity key protectors associated with the 
drive should be deleted. 


Identifies the key protector to delete by using the key 
identifier. This parameter is an alternative option to the -type 
parameter. 


Identifies an individual key protector on the drive to delete. 
Key protector IDs can be displayed by using the manage- 
bde -protectors -get command. 


Specifies that manage-bde.exe will be used to modify 
BitLocker protection on a different computer. You can also use 
-cn as an abbreviated version of this command. 


Represents the name of the computer on which to modify 
BitLocker protection. Accepted values include the computer's 
NetBIOS name and the computer's IP address. 


Displays brief help at the command prompt. 


Displays complete help at the command prompt. 


manage-bde -protectors -disable <drive> [-rebootcount <integer @ - 15>] [-computername <name>] [{-?|/?}] [{- 


help|-h)] 


PARAMETER 


<drive> 


rebootcount 


-computername 


<name> 


-? or /? 


-help or -h 


Examples 


DESCRIPTION 


Represents a drive letter followed by a colon. 


Specifies that protection of the operating system volume has 
been suspended and will resume after Windows has been 
restarted the number of times specified in the rebootcount 
parameter. Specify 0 to suspend protection indefinitely. If this 
parameter isn't specified, BitLocker protection automatically 
resumes after Windows is restarted. You can also use -rc as 
an abbreviated version of this command. 


Specifies that manage-bde.exe will be used to modify 
BitLocker protection on a different computer. You can also use 
-cn as an abbreviated version of this command. 


Represents the name of the computer on which to modify 
BitLocker protection. Accepted values include the computer's 
NetBIOS name and the computer's IP address. 


Displays brief help at the command prompt. 


Displays complete help at the command prompt. 


To add a certificate key protector, identified by a certificate file, to drive E, type: 


manage-bde -protectors -add E: -certificate -cf c:\File Folder\Filename.cer 


To add an adaccountorgroup key protector, identified by domain and user name, to drive E, type: 


manage-bde -protectors -add E: -sid DOMAIN\user 


To disable protection until the computer has rebooted 3 times, type: 


manage-bde -protectors -disable C: -rc 3 


To delete all TPM and startup keys-based key protectors on drive C, type: 


manage-bde -protectors -delete C: -type tpmandstartupkey 


To back up all recovery information for drive C to AD DS, type: 


manage-bde -protectors -adbackup C: 


Additional References 


e Command-Line Syntax Key 


e manage-bde command 


manage-bde tom 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Configures the computer's Trusted Platform Module (TPM). 


Syntax 


manage-bde -tpm [-turnon] [-takeownership <ownerpassword>] [-computername <name>] [{-?|/?}] [{-help|-h}] 


Parameters 

PARAMETER DESCRIPTION 

-turnon Enables and activates the TPM, allowing the TPM owner 
password to be set. You can also use -t as an abbreviated 
version of this command. 

-takeownership Takes ownership of the TPM by setting an owner password. 
You can also use -o as an abbreviated version of this 
command. 

<ownerpassword> Represents the owner password that you specify for the TPM. 

-computername Specifies that manage-bde.exe will be used to modify 
BitLocker protection on a different computer. You can also use 
-cn as an abbreviated version of this command. 

<name> Represents the name of the computer on which to modify 
BitLocker protection. Accepted values include the computer's 
NetBIOS name and the computer's IP address. 
-? or /? Displays brief Help at the command prompt. 
-help or -h Displays complete Help at the command prompt. 
Examples 


To turn on the TPM, type: 
manage-bde tpm -turnon 


To take ownership of the TPM and set the owner password to OwnerP@ss, type: 


manage-bde tpm takeownership ØwnerPØss 


Additional References 


e Command-Line Syntax Key 
e TPM Management cmdlets for Windows PowerShell 


@ manage-bde command 


manage-bde setidentifier 
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Sets the drive identifier field on the drive to the value specified in the Provide the unique identifiers for your 
organization Group Policy setting. 


Syntax 


manage-bde -setidentifier <drive> [-computername <name>] [{-?|/?}] [{-help|-h}] 


Parameters 
PARAMETER DESCRIPTION 
<drive> Represents a drive letter followed by a colon. 
-computername Specifies that manage-bde.exe will be used to modify 
BitLocker protection on a different computer. You can also use 
-cn as an abbreviated version of this command. 
<name> Represents the name of the computer on which to modify 
BitLocker protection. Accepted values include the computer's 
NetBIOS name and the computer's IP address. 
-? or /? Displays brief Help at the command prompt. 
-help or -h Displays complete Help at the command prompt. 
Examples 


To set BitLocker drive identifier field for C, type: 


manage-bde -setidentifier C: 


Additional References 


e Command-Line Syntax Key 
e manage-bde command 


e BitLocker Recovery Guide 


manage-bde forcerecovery 
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Forces a BitLocker-protected drive into recovery mode on restart. This command deletes all Trusted Platform 
Module (TPM)-related key protectors from the drive. When the computer restarts, only a recovery password or 
recovery key can be used to unlock the drive. 


Syntax 


manage-bde -forcerecovery <drive> [-computername <name>] [{-?|/?}] [{-help|-h}] 


Parameters 
PARAMETER DESCRIPTION 
<drive> Represents a drive letter followed by a colon. 
-computername Specifies that manage-bde.exe will be used to modify 
BitLocker protection on a different computer. You can also use 
-cn as an abbreviated version of this command. 
<name> Represents the name of the computer on which to modify 
BitLocker protection. Accepted values include the computer's 
NetBIOS name and the computer's IP address. 
-? or /? Displays brief Help at the command prompt. 
-help or -h Displays complete Help at the command prompt. 
Examples 


To cause BitLocker to start in recovery mode on drive C, type: 


manage-bde -forcerecovery C: 


Additional References 


e Command-Line Syntax Key 


e manage-bde command 


manage-bde changepassword 
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Modifies the password for a data drive. The user is prompted for a new password. 


Syntax 


manage-bde -changepassword [<drive>] [-computername <name>] [{-?|/?}] [{-help|-h}] 


Parameters 
PARAMETER DESCRIPTION 
<drive> Represents a drive letter followed by a colon. 
-computername Specifies that manage-bde.exe will be used to modify 
BitLocker protection on a different computer. You can also use 
-cn as an abbreviated version of this command. 
<name> Represents the name of the computer on which to modify 
BitLocker protection. Accepted values include the computer's 
NetBIOS name and the computer's IP address. 
-? or /? Displays brief Help at the command prompt. 
-help or -h Displays complete Help at the command prompt. 
Examples 


To change the password used to unlock BitLocker on data drive D, type: 


manage-bde -changepassword D: 


Additional References 


e Command-Line Syntax Key 


@ manage-bde command 


manage-bde changepin 
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Modifies the PIN for an operating system drive. The user is prompted to enter a new PIN. 


Syntax 


manage-bde -changepin [<drive>] [-computername <name>] [{-?|/?}] [{-help|-h}] 


Parameters 


PARAMETER 


<drive> 


-computername 


<name> 


-? or /? 


-help or -h 


Examples 


To change the PIN used with BitLocker on drive C, type: 


manage-bde -changepin C: 


Additional References 


e Command-Line Syntax Key 


@ manage-bde command 


DESCRIPTION 


Represents a drive letter followed by a colon. 


Specifies that manage-bde.exe will be used to modify 
BitLocker protection on a different computer. You can also use 
-cn as an abbreviated version of this command. 


Represents the name of the computer on which to modify 
BitLocker protection. Accepted values include the computer's 
NetBIOS name and the computer's IP address. 


Displays brief Help at the command prompt. 


Displays complete Help at the command prompt. 


manage-bde changekey 
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Modifies the startup key for an operating system drive. 


Syntax 


manage-bde -changekey [<drive>] [<pathtoexternalkeydirectory>] [-computername <name>] [{-?|/?}] [{-help|-h}] 


Parameters 
PARAMETER DESCRIPTION 
<drive> Represents a drive letter followed by a colon. 
-computername Specifies that manage-bde.exe will be used to modify 
BitLocker protection on a different computer. You can also use 
-cn as an abbreviated version of this command. 
<name> Represents the name of the computer on which to modify 
BitLocker protection. Accepted values include the computer's 
NetBIOS name and the computer's IP address. 
-? or /? Displays brief Help at the command prompt. 
-help or -h Displays complete Help at the command prompt. 
Examples 


To create a new startup key on drive E, to use with BitLocker encryption on drive C, type: 


manage-bde -changekey C: E:\ 


Additional References 


e Command-Line Syntax Key 


@ manage-bde command 


manage-bde keypackage 
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Generates a key package for a drive. The key package can be used in conjunction with the repair tool to repair 
corrupted drives. 


Syntax 


manage-bde -keypackage [<drive>] [-ID <keyprotectoryID>] [-path <pathtoexternalkeydirectory>] [-computername 
<name>] [{-?|/?}] [{-help|-h}] 


Parameters 
PARAMETER DESCRIPTION 
<drive> Represents a drive letter followed by a colon. 

-ID Creates a key package using the key protector with the 
identifier specified by this ID value. Tip: Use the manage- 
bde -protectors -get command, along with the drive letter 
that you want to create a key package for, to get a list of 
available GUIDs to use as the ID value. 

-path Specifies the location to save the created key package. 

-computername Specifies that manage-bde.exe will be used to modify 
BitLocker protection on a different computer. You can also use 
-cn as an abbreviated version of this command. 

<name> Represents the name of the computer on which to modify 
BitLocker protection. Accepted values include the computer's 
NetBIOS name and the computer's IP address. 
-? or /? Displays brief Help at the command prompt. 
-help or -h Displays complete Help at the command prompt. 
Examples 


To create a key package for drive C, based on the key protector identified by the GUID, and to save the key package 
to F\Folder, type: 


manage-bde -keypackage C: -id {84E151C1. ..7A62067A512} -path f:\Folder 


Additional References 


e Command-Line Syntax Key 


e manage-bde command 


manage-bde upgrade 
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Upgrades the BitLocker version. 


Syntax 


manage-bde -upgrade [<drive>] [-computername <name>] [{-?|/?}] [{-help|-h}] 


Parameters 
PARAMETER DESCRIPTION 
<drive> Represents a drive letter followed by a colon. 
-computername Specifies that manage-bde.exe will be used to modify 
BitLocker protection on a different computer. You can also use 
-cn as an abbreviated version of this command. 
<name> Represents the name of the computer on which to modify 
BitLocker protection. Accepted values include the computer's 
NetBIOS name and the computer's IP address. 
-? or /? Displays brief Help at the command prompt. 
-help or -h Displays complete Help at the command prompt. 
Examples 


To upgrade BitLocker encryption on drive C, type: 


manage-bde -upgrade C: 


Additional References 


e Command-Line Syntax Key 


e manage-bde command 


manage-bde wipefreespace 
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Wipes the free space on the volume, removing any data fragments that may have existed in the space. Running 


this command on a volume encrypted using the Used Space Only encryption method provides the same level of 


protection as the Full Volume Encryption encryption method. 


Syntax 


manage-bde -wipefreespace|-w [<drive>] [-cancel] [-computername <name>] [{-?|/?}] [{-help|-h}] 


Parameters 


PARAMETER 


<drive> 


-cancel 


-computername 


<name> 


-? or /? 


-help or -h 


Examples 


To wipe the free space on drive C, type either: 


manage-bde -w C: 


manage-bde -wipefreespace C: 


To cancel the wipe of tje free space on drive C, type either: 


manage-bde -w -cancel C: 


manage-bde -wipefreespace -cancel C: 


Additional References 


DESCRIPTION 


Represents a drive letter followed by a colon. 


Cancels a wipe of free space that is in process. 


Specifies that manage-bde.exe will be used to modify 
BitLocker protection on a different computer. You can also use 
-cn as an abbreviated version of this command. 


Represents the name of the computer on which to modify 
BitLocker protection. Accepted values include the computer's 
NetBIOS name and the computer's IP address. 


Displays brief Help at the command prompt. 


Displays complete Help at the command prompt. 


e Command-Line Syntax Key 


e manage-bde command 


mapadmin 
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The mapadmin command-line utility administers User Name Mapping on the local or remote computer running 


Microsoft Services for Network File System. If you are logged on with an account that does not have 


administrative credentials, you can specify a user name and password of an account that does. 


Syntax 


mapadmin [<computer>] 
mapadmin [<computer>] 
mapadmin [<computer>] 
mapadmin [<computer>] 
mapadmin [<computer>] 
mapadmin [<computer>] 
mapadmin [<computer>] 
mapadmin [<computer>] 
mapadmin [<computer>] 
mapadmin [<computer>] 
mapadmin [<computer>] 
mapadmin [<computer>] 
<path>} 

mapadmin [<computer>] 
mapadmin [<computer>] 
mapadmin [<computer>] 


Parameters 


PARAMETER 


<computer> 


-U <user> 


-p <password> 


start | stop 


<user> 
<user> 
<user> 
<user> 
<user> 
<user> 
<user> 
<user> 
<user> 
<user> 
<user> 
<user> 


<user> 
<user> 
<USER> 
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<password>]] 
<password>]] 
<password>]] 
<password>] ] 
<password>] ] 
<password>]] 
<password>]] 
<password>] ] 
<password>] ] 
<password>]] 
<password>]] 
<password>] ] 


<password>]] 
<password>]] 
<password>]] 


(start | stop) 

config <option[...]> 

add -wu <windowsuser> -uu <UNIXuser> [-setprimary] 
add -wg <windowsgroup> -ug <UNIXgroup> [-setprimary] 
setprimary -wu <Windowsuser> [-uu <UNIXuser>] 
setprimary -wg <Windowsgroup> [-ug <UNIXgroup>] 
delete <option[...]> 

list <option[...]> 

backup <filename> 

restore <filename> 

adddomainmap -d <Windowsdomain> (-y <<NISdomain>> | -f 


removedomainmap -d <Windowsdomain> -y <<NISdomain>> 
removedomainmap -all 
listdomainmaps 


DESCRIPTION 


Specifies the remote computer running the User Name 
Mapping service that you want to administer. You can specify 
the computer using a Windows Internet Name Service (WINS) 
name or a Domain Name System (DNS) name, or by Internet 
Protocol (IP) address. 


Specifies the user name of the user whose credentials are to 
be used. It might be necessary to add the domain name to 
the user name in the form domain\username. 


Specifies the password of the user. If you specify the -u option 
but omit the -p option, you are prompted for the user's 
password. 


Starts or stops the User Name Mapping service. 


PARAMETER 


config 


add 


setprimary 


DESCRIPTION 


Specifies general settings for User Name Mapping. The 

following options are available with this parameter: 

@ -r <dddd>:<hh>:<mm> : Specifies the refresh interval 
for updating from the Windows and NIS databases in 
days, hours, and minutes. The minimum interval is 5 
minutes. 

e -i {yes | no} : Turns simple mapping on (yes) or off 
(no). By default, mapping is turned on. 


Creates a new mapping for a user or group. The following 

options are available with this parameter: 

e -wu <name> : Specifies the name of the Windows 
user for which a new mapping is being created. 

e -uu <name> : Specifies the name of the UNIX user for 
which a new mapping is being created. 

® -wg <group> : Specifies the name of the Windows 
group for which a new mapping is being created. 

© -ug <group> : Specifies the name of the UNIX group 
for which a new mapping is being created. 

e -setprimary: Specifies that the new mapping is the 
primary mapping. 


Specifies which mapping is the primary mapping for a UNIX 


user or group with multiple mappings. The following options 


are available with this parameter: 

e -wu <name> : Specifies the Windows user of the 
primary mapping. If more than one mapping for the 
user exists, use the -uu option to specify the primary 
mapping. 

e -uu <name> : Specifies the UNIX user of the primary 
mapping. 

e -wg <group> : Specifies the Windows group of the 
primary mapping. If more than one mapping for the 
group exists, use the -ug option to specify the 
primary mapping. 

e -ug <group> : Specifies the UNIX group of the 
primary mapping. 


PARAMETER 


delete 


list 


backup 


DESCRIPTION 


Removes the mapping for a user or group. The following 

options are available for this parameter: 

e -wu <user> : Specifies the Windows user for which 
the mapping will be deleted, specified as 


<windowsdomain>\<username> . 


You must specify either the -wu or the -uu 
option, or both. If you specify both options, the 
particular mapping identified by the two options 
will be deleted. If you specify only the -wu option, 
all mappings for the specified user will be deleted. 


@ -uu_ <user> : Specifies the UNIX user for whom the 
mapping will be deleted, specified as <username> . 


You must specify either the -wu or the -uu 
option, or both. If you specify both options, the 
particular mapping identified by the two options 
will be deleted. If you specify only the -uu option, 
all mappings for the specified user will be deleted. 


e -wg <group> : Specifies the Windows group for 
which the mapping will be deleted, specified as 


<windowsdomain>\<username> . 


You must specify either the -wg or the -ug 
option, or both. If you specify both options, the 
particular mapping identified by the two options 
will be deleted. If you specify only the -wg option, 
all mappings for the specified group will be 
deleted. 


® -ug <group> : Specifies the UNIX group for which the 
mapping will be deleted, specified as <groupname> . 


You must specify either the -wg or the -ug 
option, or both. If you specify both options, the 
particular mapping identified by the two options 
will be deleted. If you specify only the -ug option, 
all mappings for the specified group will be 
deleted. 


Displays information about user and group mappings. The 

following options are available with this parameter: 

e -all: Lists both simple and advanced mappings for 
users and groups. 

e -simple: Lists all simple mapped users and groups. 

e -advanced: Lists all advanced mapped users and 
groups. Maps are listed in the order in which they are 
evaluated. Primary maps, marked with an asterisk (*), 
are listed first, followed by secondary maps, which are 
marked with a carat (^). 

e -wu <name> : Lists the mapping for a specified 
Windows user. 

e -wg <group> : Lists the mapping for a Windows 
group. 

® -uu <name> : Lists the mapping for a UNIX user. 


e -ug <group> : Lists the mapping for a UNIX group. 


Saves User Name Mapping configuration and mapping data 
to the file specified by <filename> . 


PARAMETER DESCRIPTION 


restore Replaces configuration and mapping data with data from the 
file (specified by <filename> ) that was created using the 
backup parameter. 


adddomainmap Adds a simple map between a Windows domain and an NIS 

domain or password and group files. The following options are 

available for this parameter: 

e -d <windowsdomain> : Specifies the Windows domain 
to be mapped. 

e -y <NISdomain> : Specifies the NIS domain to be 
mapped. You must use the -n <NISserver> 
parameter to specify the NIS server for the NIS domain 
specified by the -y option. 

e -f <path> : Specifies the fully-qualified path of 
directory containing the password and group files to 
be mapped. The files must be located on the computer 
being managed, and you can't use mapadmin to 
manage a remote computer to set up maps based on 
password and group files. 


removedomainmap Removes a simple map between a Windows domain and an 
NIS domain. The following options and argument are available 
for this parameter: 


e -d <windowsdomain> : Specifies the Windows domain 
of the map to be removed. 

e -y <NISdomain> : Specifies the NIS domain of the 
map to be removed. 


e -all: Specifies that all simple maps between Windows 
and NIS domains are to be removed. This will also 
remove any simple map between a Windows domain 
and password and group files. 


listdomainmaps Lists the Windows domains that are mapped to NIS domains 
or password and group files. 


Remarks 
e If you don't specify any paramters, the mapadmin command displays the current settings for User Name 
Mapping. 


e For all options that specify a user or group name, the following formats can be used: 


o For Windows users, use the formats: <domain>\<username> , \\<computer>\<username> , 


\<computer>\<username> , OF <computer>\<username> 


o For Windows groups, use the formats: <domain>\<groupname> , \\<computer>\<groupname> , 


\<computer>\<groupname> , OF <computer>\<groupname> 


o For UNIX users, use the formats: <NISdomain>\<username> , <username>@<NISdomain> , <username>@PCNFS 
, OF PCNFS\<username> 


o For UNIX groups, use the formats: <NISdomain>\<groupname> , <groupname>@<NISdomain> , 


<groupname>@PCNFS , Of PCNFS\<groupname> 


Additional References 


e Command-Line Syntax Key 


md 
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Creates a directory or subdirectory. Command extensions, which are enabled by default, allow you to use a single 
md command to create intermediate directories in a specified path. 





NOTE 


This command is the same as the mkdir command. 





Syntax 


md [<drive>:]<path> 


Parameters 
PARAMETER DESCRIPTION 
«drive» : Specifies the drive on which you want to create the new 
directory. 
<path> Specifies the name and location of the new directory. The 
maximum length of any single path is determined by the file 
system. This is a required parameter. 
/? Displays help at the command prompt. 
Examples 


To create a directory named Directory 1 within the current directory, type: 


md Directory1 


To create the directory tree Taxes|Property|Current within the root directory, with command extensions enabled, 


type: 


md \Taxes\Property\Current 


To create the directory tree Taxes|Property|Current within the root directory as in the previous example, but with 
command extensions disabled, type the following sequence of commands: 


md \Taxes 
md \Taxes\Property 
md \Taxes\Property\Current 


Additional References 


e Command-Line Syntax Key 


e mkdir command 


merge vdisk 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 


Merges a differencing virtual hard disk (VHD) with its corresponding parent VHD. The parent VHD will be 
modified to include the modifications from the differencing VHD. This command modifies the parent VHD. As a 
result, other differencing VHDs that are dependent on the parent will no longer be valid. 





IMPORTANT 


You must choose and detach a VHD for this operation to succeed. Use the select vdisk command to select a VHD and 


shift the focus to it. 





Syntax 


merge vdisk depth=<n> 


Parameters 


PARAMETER 


depth= <n> 


Examples 


To merge a differencing VHD with its parent VHD, type: 


merge vdisk depth=1 


Additional References 
e Command-Line Syntax Key 

e attach vdisk command 

e compact vdisk command 

e detail vdisk command 

e detach vdisk command 

e expand vdisk command 

e select vdisk command 


e list command 


DESCRIPTION 


Indicates the number of parent VHD files to merge together. 
For example, depth=1 indicates that the differencing VHD 
will be merged with one level of the differencing chain. 


mkdir 
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Creates a directory or subdirectory. Command extensions, which are enabled by default, allow you to use a single 
mkdir command to create intermediate directories in a specified path. 





NOTE 


This command is the same as the md command. 





Syntax 


mkdir [<drive>:]<path> 


Parameters 
PARAMETER DESCRIPTION 
«drive» : Specifies the drive on which you want to create the new 
directory. 
<path> Specifies the name and location of the new directory. The 
maximum length of any single path is determined by the file 
system. This is a required parameter. 
/? Displays help at the command prompt. 
Examples 


To create a directory named Directory7 within the current directory, type: 


mkdir Directory1 


To create the directory tree Taxes|Property|Current within the root directory, with command extensions enabled, 


type: 


mkdir \Taxes\Property\Current 


To create the directory tree Taxes|Property|Current within the root directory as in the previous example, but with 
command extensions disabled, type the following sequence of commands: 


mkdir \Taxes 
mkdir \Taxes\Property 
mkdir \Taxes\Property\Current 


Additional References 


e Command-Line Syntax Key 


e md command 


AAAS 
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Creates a directory or file symbolic or hard link. 


Syntax 


mklink [[/d] | [/h] | [/j]] <link> <target> 


Parameters 
PARAMETER DESCRIPTION 
/d Creates a directory symbolic link. By default, this command 
creates a file symbolic link. 
/h Creates a hard link instead of a symbolic link. 
jj Creates a Directory Junction. 
<link> Specifies the name of the symbolic link being created. 
<target> Specifies the path (relative or absolute) that the new symbolic 
link refers to. 
/? Displays help at the command prompt. 
Examples 


To create and remove a symbolic link named MyFolder from the root directory to the \Users\User1\Documents 
directory, and a hard link named Myfile-file to the example-file file located within the directory, type: 


mklink /d \MyFolder \Users\User1\Documents 

mklink /h \MyFile.file \User1\Documents\example. file 
rd \MyFolder 

del \MyFile.file 


Additional References 


e Command-Line Syntax Key 


del command 


e rd command 


New-ltem in Windows PowerShell 


MMC 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Using mmc command-line options, you can open a specific mmc console, open mmc in author mode, or specify 
that the 32-bit or 64-bit version of mmc is opened. 


Syntax 


mmc <path>\<filename>.msc [/a] [/64] [/32] 


Parameters 
PARAMETER DESCRIPTION 
<path>\<filename>.msc starts mmc and opens a saved console. You need to specify 
the complete path and file name for the saved console file. If 
you do not specify a console file, mmc opens a new console. 

/a Opens a saved console in author mode. Used to make 
changes to saved consoles. 

/64 Opens the 64-bit version of mmc (mmc64). Use this option 
only if you are running a Microsoft 64-bit operating system 
and want to use a 64-bit snap-in. 

/32 Opens the 32-bit version of mmc (mmc32). When running a 
Microsoft 64-bit operating system, you can run 32-bit snap- 
ins by opening mmc with this command-line option when you 
have 32-bit only snap-ins. 

Remarks 


e You can use environment variables to create command lines or shortcuts that don't depend on the explicit 
location of console files. For instance, if the path to a console file is in the system folder (for example, mmc 
c:\winnt\system32\console_name.msc), you can use the expandable data string %systemroot% to 
specify the location (mmc%systemroot%\system32\console_name.msc). This may be useful if you're 
delegating tasks to people in your organization who are working on different computers. 


e When consoles are opened using the /a option, they're opened in author mode, regardless of their default 
mode. This doesn't permanently change the default mode setting for files; when you omit this option, mmc 
opens console files according to their default mode settings. 


e After you open mmc or a console file in author mode, you can open any existing console by clicking Open 
on the Console menu. 


e You can use the command line to create shortcuts for opening mmc and saved consoles. A command-line 
command works with the Run command on the Start menu, in any command-prompt window, in 
shortcuts, or in any batch file or program that calls the command. 


Additional References 


e Command-Line Syntax Key 


mode 
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Displays system status, changes system settings, or reconfigures ports or devices. If used without parameters, 
mode displays all the controllable attributes of the console and the available COM devices. 


Serial port 
Configures a serial communications port and sets the output handshake. 


Syntax 


mode com<m>[:] [baud=<b>] [parity=<p>] [data=<d>] [stop=<s>] [to={on|off}] [xon={on|off}] [odsr={on|off}] 
[octs={on|off}] [dtr={on|off|hs}] [rts={on|off|hs|tg}] [idsr={on|off}] 


Parameters 


PARAMETER DESCRIPTION 


com<m>[:] Specifies the number of the async Prncnfg.vbshronous 
communications port. 


baud=<b> Specifies the transmission rate in bits per second. The valid 
values include: 
e 11 - 110 baud 
e 15 - 150 baud 
e 30 - 300 baud 
e 60 - 600 baud 
e 12 - 1200 baud 
e 24 - 2400 baud 
e 48 - 4800 baud 
* 96 - 9600 baud 
e 19 - 19,200 baud 


parity=<p> Specifies how the system uses the parity bit to check for 
transmission errors. The valid values include: 
e n-none 
e e- even (default value) 
e o- odd 
e m- mark 
e s - space 


Not all devices support using the m or s parameters. 


data=<d> Specifies the number of data bits in a character. Valid values 
range from 5 through 8. The default value is 7. Not all devices 
support the values 5 and 6. 


stop=<s> Specifies the number of stop bits that define the end of a 
character: 1, 1.5, or 2. If the baud rate is 110, the default 
value is 2. Otherwise, the default value is 1. Not all devices 
support the value 1.5. 


PARAMETER DESCRIPTION 


to={on | off} Specifies whether the device uses infinite time out processing. 
The default value is off. Turning this option on means that 
the device will never stop waiting to receive a response from a 
host or client computer. 


xon={on | off} Specifies whether the system allows the XON/XOFF protocol. 
This protocol provides flow control for serial communications, 
enhancing reliability, but reducing performance. 


odsr={on | off} Specifies whether the system turns on the Data Set Ready 
(DSR) output handshake. 


octs={on | off} Specifies whether the system turns on the Clear to Send (CTS) 
output handshake. 


dtr={on | off | hs} Specifies whether the system turns on the Data Terminal 
Ready (DTR) output handshake. Setting this value to on 
mode, provides a constant signal to show the terminal is 
ready to send data. Setting this value to hs mode provides a 
handshake signal between the two terminals. 


rts={on | off | hs | tg} Specifies whether the system turns on the Request to Send 
(RTS) output handshake. Setting this value to on mode, 
provides a constant signal to show the terminal is ready to 
send data. Setting this value to hs mode provides a 
handshake signal between the two terminals. Setting this 
value to tg mode provides a way to toggle between ready 
and not ready states. 


idsr={on | off} Specifies whether the system turns on the DSR sensitivity. You 
must turn this option on to use DSR handshaking. 


P Displays help at the command prompt. 


Device status 


Displays the status of a specified device. If used without parameters, mode displays the status of all devices 
installed on your system. 


Syntax 


mode [<device>] [/status] 


Parameters 
PARAMETER DESCRIPTION 
<device> Specifies the name of the device for which you want to display 
the status. Standard names include, LPT1: through LPT3:, 
COM1: through COM9;, and CON. 
/status Requests the status of any redirected parallel printers. You can 


also use /sta as an abbreviated version of this command. 


PARAMETER DESCRIPTION 


R Displays help at the command prompt. 


Redirect printing 


Redirects printer output. You must be a member of the Administrators group to redirect printing. 





NOTE 








To set up your system so that it sends parallel printer output to a serial printer, you must use the mode command 
twice. The first time, you must use mode to configure the serial port. The second time, you must use mode to 
redirect parallel printer output to the serial port you specified in the first mode command. 


Syntax 


mode LPT<n>[:]=COM<m>[:] 


Parameters 

PARAMETER DESCRIPTION 

LPT <n> [] Specifies the number of the LPT to configure. Typically, this 
means providing a value from LTP1: through LTP3:, unless 
your system includes special parallel port support. This 
parameter is required. 

COM <m> [1] Specifies the COM port to configure. Typically, this means 
providing a value from COM1: through COM9;, unless 
your system has special hardware for additional COM ports. 
This parameter is required. 

/? Displays help at the command prompt. 

Examples 


To redirect a serial printer that operates at 4800 baud with even parity, and is connected to the COM1 port (the 


first serial connection on your computer), type: 


mode com1 48,e,,,b 
mode lpti=com1 


To redirect parallel printer output from LPT1 to COM1, and then to print a file using LPT1, type the following 
command before you print the file: 


mode lpt1 


This command prevents the redirection the file from LPT1 to COM1. 


Select code page 


Configures or queries the code page info for a selected device. 


Syntax 


mode <device> codepage select=<yyy> 
mode <device> codepage [/status] 


Parameters 


PARAMETER 


<device> 


codepage 


select= <yyy> 


/status 


P? 


Display mode 
Changes the size of the command prompt screen buffer 


Syntax 
mode con[:] [cols=<c>] [lines=<n>] 


Parameters 


PARAMETER 


con[:] 


DESCRIPTION 


Specifies the device for which you want to select a code page. 
CON is the only valid name for a device. This parameter is 
required. 


Specifies which code page to use with the specified device. You 
can also use cp as an abbreviated version of this command. 
This parameter is required. 


Specifies the number of the code page to use with the device. 
The supported code pages, by country/region or language, 
include: 


e 437: United States 

© 850: Multilingual (Latin I) 
e 852: Slavic (Latin II) 

e 855: Cyrillic (Russian) 
e 857: Turkish 

* 860: Portuguese 

e 861: Icelandic 

© 863: Canadian-French 
e 865: Nordic 

* 866: Russian 

e 869: Modern Greek 


This parameter is required. 


Displays the numbers of the current code pages selected for 
the specified device. You can also use /sta as an abbreviated 
version of this command. Regardless whether you specify 
/status, the mode codepage command will display the 
numbers of the code pages that are selected for the specified 
device. 


Displays help at the command prompt. 


DESCRIPTION 


Indicates that the change applies to the Command Prompt 
window. This parameter is required. 


PARAMETER DESCRIPTION 


cols= <c> Specifies the number of columns in the command prompt 
screen buffer. The default setting is 80 columns, but you can 
set this to any value. If you don't use the default, typical 
values are 40 and 135 columns. Using non-standard values 
can result in the command prompt app problems. 


lines= <n> Specifies the number of lines in the command prompt screen 
buffer. The default value is 25, but you can set this to any 
value. If you don't use the default, the other typical value is 50 
lines. 


/? Displays help at the command prompt. 


Typematic rate 


Sets the keyboard typematic rate. The typematic rate is the speed at which Windows can repeat a character when 
you press the key on a keyboard. 





NOTE 


Some keyboards don't recognize this command. 





Syntax 


mode con[:] [rate=<r> delay=<d>] 


Parameters 


PARAMETER DESCRIPTION 
con[:] Specifies the keyboard. This parameter is required. 


rate= <r> Specifies the rate at which a character is repeated on the 
screen when you hold down a key. The default value is 20 
characters per second for IBM AT-compatible keyboards, and 
21 for IBM PS/2-compatible keyboards, but you can use any 
value from 1 through 32. If you set this parameter, you must 
also set the delay parameter. 


delay= <d> Specifies the amount of time that will elapse after you press 
and hold down a key before the character output repeats. The 
default value is 2 (.50 seconds), but you can also use 1 (.25 
seconds), 3 (.75 seconds), or 4 (1 second). If you set this 
parameter, you must also set the rate parameter. 


/? Displays help at the command prompt. 


Additional References 


e Command-Line Syntax Key 


more 


11/2/2020 * 2 minutes to read ° Edit Online 





Displays one screen of output at a time. 





NOTE 


The more command, with different parameters, is also available from the Recovery Console. 





Syntax 


<command> | more [/c] [/p] [/s] [/t<n>] [+<n>] 
more [[/c] [/p] [/s] [/t<n>] [+<n>]] < [<drive>:][<path>]<filename> 
more [/c] [/p] [/s] [/t<n>] [+<n>] [<files>] 


Parameters 

PARAMETER DESCRIPTION 
<command> Specifies a command for which you want to display the 

output. 

/c Clears the screen before displaying a page. 

/p Expands form-feed characters. 

/s Displays multiple blank lines as a single blank line. 

/t <n> Displays tabs as the number of spaces specified by rn. 

+ <n> Displays the first file, beginning at the line specified by n. 
[<drive>:][<path>]<filename> Specifies the location and name of a file to display. 
<files> Specifies a list of files to display. Files must be separated using 

spaces. 

/? Displays help at the command prompt. 

Remarks 


e The following subcommands are accepted at the more prompt ( -- More -- ), including: 
KEY ACTION 
SPACEBAR Press the SPACEBAR to display the next screen. 


ENTER Press ENTER to display the file one line at a time. 


KEY ACTION 


f Press F to display the next file listed on the command line. 


q Press Q to quit the more command. 


= Shows the line number. 


p <n> Press P to display the next n lines. 
S <n> Press S to skip the next n lines. 
? Press ? to show the commands that are available at the 


more prompt. 


e |f you use the redirection character ( < ), you must also specify a file name as the source. 
e If you use the pipe ( | ), you can use such commands as dir, sort, and type. 


Examples 


To view the first screen of information of a file named C/ients.new, type one of the following commands: 


more < clients.new 
type clients.new | more 


The more command displays the first screen of information from Clients.new, and you can press the SPACEBAR to 


see the next screen of information. 


To clear the screen and remove all extra blank lines before displaying the file C/ents.new, type one of the following 


commands: 


more /c /s < clients.new 
type clients.new | more /c /s 


To display the current line number at the more prompt, type: 


more = 


The current line number is added to the more prompt, as -- More [Line: 24] -- 


To display a specific number of lines at the more prompt, type: 


more p 


The more prompt asks you for the number of lines to display, as follows: -- More -- Lines: . Type the number of 
lines to display, and then press ENTER. The screen changes to show only that number of lines. 


To skip a specific number of lines at the more prompt, type: 
more s 


The more prompt asks you for the number of lines to skip, as follows: -- More -- Lines: . Type the number of lines 


to skip, and then press ENTER. The screen changes to show that those lines are skipped. 


Additional References 


e Command-Line Syntax Key 


e Windows Recovery Environment (WinRE) 


mount 
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A command-line utility that mounts Network File System (NFS) network shares. When used without options or 
arguments, mount displays information about all mounted NFS file systems. 





NOTE 


This utility is available only if Client for NFS is installed. 





Syntax 


mount [-o <option>[...]] [-u:<username>] [-p:{<password> | *}] {\\<computername>\<sharename> 
<computername>:/<sharename>} {<devicename> | *} 


Parameters 

PARAMETER DESCRIPTION 

-o rsize= <buffersize> Sets the size in kilobytes of the read buffer. Acceptable values 
are 1, 2, 4, 8, 16, and 32; the default is 32 KB. 

-o wsize= <buffersize> Sets the size in kilobytes of the write buffer. Acceptable values 
are 1, 2, 4, 8, 16, and 32; the default is 32 KB. 

-o timeout= <seconds> Sets the time-out value in seconds for a remote procedure call 
(RPC). Acceptable values are 0.8, 0.9, and any integer in the 
range 1-60; the default is 0.8. 

-o retry= <number> Sets the number of retries for a soft mount. Acceptable values 
are integers in the range 1-10; the default is 1. 

-o mtype= {soft|hard} Sets the mount type for your NFS share. By default, Windows 
uses a soft mount. Soft mounts time out more easily when 
there are connection issues; however, to reduce I/O disruption 
during NFS server reboots, we recommend using a hard 
mount. 

-o anon Mounts as an anonymous user. 

-o nolock Disables locking (default is enabled). 


-o casesensitive Forces file lookups on the server to be case sensitive. 


PARAMETER 


-o fileaccess= <mode> 


-o lang= 


{euc-jp|euc-tw|euc-kr|shift-jis|Big5|Ksc5601|Gb2312- 
80|Ansi) 


-U: <username> 


-p: <password> 


<computername> 
<sharename> 


<devicename> 


Additional References 


e Command-Line Syntax Key 


DESCRIPTION 


Specifies the default permission mode of new files created on 
the NFS share. Specify mode as a three-digit number in the 
form ogw, where o, g, and ware each a digit representing the 
access granted the file's owner, group, and the world, 
respectively. The digits must be in the range 0-7, including: 

e 0: No access 


e 1: x (execute access) 

e 2: w (write access) 

e 3: wx (write and execute access) 

e 4: r (read access) 

e 5: rx (read and execute access) 

© 6: rw (read and write access) 

e 7: rwx (read, write, and execute access) 


Specifies the language encoding to configure on an NFS share. 
You can use only one language on the share. This value can 
include any of the following values: 

© euc-jp: Japanese 

e euc-tw: Chinese 

e euc-kr: Korean 

e shift-jis: Japanese 

e Big5: Chinese 

e Ksc5601: Korean 

e Gb2312-80: Simplified Chinese 

e Ansi: ANSI-encoded 


Specifies the user name to use for mounting the share. If 
username isn't preceded by a backslash (\ ), it's treated as a 
UNIX user name. 


The password to use for mounting the share. If you use an 
asterisk (*), you'll be prompted for the password. 


Specifies the name of the NFS server. 


Specifies the name of the file system. 


Specifies the drive letter and name of the device. If you use an 
asterisk (*) this value represents the first available driver letter. 


mountvol 
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Creates, deletes, or lists a volume mount point. You can also link volumes without requiring a drive letter. 


Syntax 


mountvol [<drive>:]<path volumename> 
mountvol [<drive>:]<path> /d 
mountvol [<drive>:]<path> /1 
mountvol [<drive>:]<path> /p 
mountvol /r 

mountvol [/n|/e] 

mountvol <drive>: /s 


Parameters 


PARAMETER DESCRIPTION 


[<drive>:]<path> Specifies the existing NTFS directory where the mount point 
will reside. 


<volumename> Specifies the volume name that is the target of the mount 
point. The volume name uses the following syntax, where 
GUID is a globally unique identifier: \\?\volume\{GUID}\ . 
The brackets { } are required. 


/d Removes the volume mount point from the specified folder. 
Å Lists the mounted volume name for the specified folder. 


/p Removes the volume mount point from the specified directory, 
dismounts the basic volume, and takes the basic volume 
offline, making it unmountable. If other processes are using 
the volume, mountvol closes any open handles before 
dismounting the volume. 


fr Removes volume mount point directories and registry settings 
for volumes that are no longer in the system, preventing them 
from being automatically mounted and given their former 
volume mount point(s) when added back to the system. 


/n Disables automatic mounting of new basic volumes. New 
volumes are not mounted automatically when added to the 
system. 


/e Re-enables automatic mounting of new basic volumes. 
/s Mounts the EFI system partition on the specified drive. 


/? Displays help at the command prompt. 


Remarks 


e Ifyou dismount your volume while using the /p parameter, the volume list will show the volume as not 


mounted until a volume mount point is created. 


e Ifyour volume has more than one mount point, use /d to remove the additional mount points before using 
/p. You can make the basic volume mountable again by assigning a volume mount point. 


e If you need to expand your volume space without reformatting or replacing a hard drive, you can add a 
mount path to another volume. The benefit of using one volume with several mount paths is that you can 
access all local volumes by using a single drive letter (such as_c: ). You don't need to remember which 
volume corresponds to which drive letter—although you can still mount local volumes and assign them 


drive letters. 


Examples 


To create a mount point, type: 


mountvol \sysmount \\?\volume\{2eca@78d-5cbc-43d3-aff8-7e8511f60d0e}\ 


Additional References 


e Command-Line Syntax Key 


Move 
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Moves one or more files from one directory to another directory. 





IMPORTANT 


Moving encrypted files to a volume that doesn't support Encrypting File System (EFS) results will result in an error. You must 
first decrypt the files or move them to a volume that supports EFS. 








Syntax 


move [{/y|-y}] [<source>] [<target>] 


Parameters 
PARAMETER DESCRIPTION 
/y Stops prompting for confirmation that you want to overwrite 
an existing destination file. This parameter might be preset in 
the COPYCMD environment variable. You can override this 
preset by using the -y parameter. The default is to prompt 
before overwriting files, unless the command is run from 
within a batch script. 
-y Starts prompting for confirmation that you want to overwrite 
an existing destination file. 
<source> Specifies the path and name of the file(s) to move. To move or 
rename a directory, the source should be the current directory 
path and name. 
<target> Specifies the path and name to move files to. To move or 
rename a directory, the target should be the desired directory 
path and name. 
2 Displays help at the command prompt. 
Examples 


To move all files with the .xIs extension from the |Data directory to the |Second Q|Reports directory, type: 


move \data\*.xls \second_q\reports\ 


Additional References 


© Command-Line Syntax Key 


mqbkup 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Backs up MSMQ message files and registry settings to a storage device and restores previously-stored messages 
and settings. 


Both the backup and the restore operations stop the local MSMQ service. If the MSMQ service was started 
beforehand, the utility will attempt to restart the MSMQ service at the end of the backup or the restore operation. If 
the service was already stopped before running the utility, no attempt to restart the service is made. 


Before using the MSMQ Message Backup/Restore utility you must close all local applications that are using MSMQ. 


Syntax 


mqbkup {/b | /r} <folder path_to_storage_device> 


Parameters 
PARAMETER DESCRIPTION 
/b Specifies backup operation. 
/t Specifies restore operation. 
«folder path to storage device> Specifies the path where the MSMQ message files and registry 
settings are stored. 
/? Displays help at the command prompt. 
Remarks 


e Ifa specified folder doesn't exist while performing either the backup or restore operation, the folder is 
automatically created by the utility. 


e If you choose to specify an existing folder, it must be empty. If you specify a non-empty folder, the utility 
deletes every file and subfolder contained within it. In this case, you'll be prompted to give permission to 
delete existing files and subfolders. You can use the /y parameter to indicate that you agree beforehand to 
the deletion of all existing files and subfolders in the specified folder. 


e The locations of folders used to store MSMQ message files are stored in the registry. Therefore, the utility 
restores MSMQ message files to the folders specified in the registry and not to the storage folders used 
before the restore operation. 


Examples 


To backup all MSMQ message files and registry settings, and to store them in the msmqbkup folder on your C: 
drive, type: 


mqbkup /b c:\msmqbkup 


To delete all existing files and subfolders in the o/dbkup folder on your C: drive, and then to store MSMQ message 
files and registry settings in the folder, type: 


mqbkup /b /y c:\oldbkup 
To restore MSMQ messages and registry settings, type: 


mqbkup /r c:\msmqbkup 


Additional References 


e Command-Line Syntax Key 


e MSMQ Powershell Reference 


masvc 
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Message Queuing technology enables apps running at different times to communicate across heterogeneous 
networks and systems that may be temporarily offline. Message Queuing provides guaranteed message delivery, 
efficient routing, security, and priority-based messaging. It can be used to implement solutions for both 


asynchronous and synchronous messaging scenarios. For more information about Message Queuing, see Message 
Queuing (MSMQ). 


Syntax 


mqsvc.exe 


Additional References 
e Command-Line Syntax Key 


e MSMQ Powershell Reference 


matgsvc 
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Monitors a queue for incoming messages and performs an action, in the form of an executable file or COM 
component, when the rules of a trigger are evaluated as true. For examples of how the Message Queuing Triggers 
service can be used, see Message Queuing Triggers. 


Syntax 





mqtgsvc.exe 


Additional References 
e Command-Line Syntax Key 


e MSMQ Powershell Reference 


msdt 
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Invokes a troubleshooting pack at the command line or as part of an automated script, and enables additional 


options without user input. 


Syntax 


msdt </id <name> | /path <name> | /cab < name>> <</parameter> [options] .. <parameter> [options]>> 


Parameters 


PARAMETER 


/id <packagename> 


/path 


<directory|.diagpkg file|.diagcfg 
file> 


/dci <passkey> 


/dt <directory> 


/af <answerfile> 


/modal <ownerHWND> 


DESCRIPTION 


Specifies which diagnostic package to 
run. For a list of available packages, see 
Available Troubleshooting packs. 


Specifies the full path to a diagnostic 
package. If you specify a directory, the 
directory must contain a diagnostic 
package. You cannot use the /path 
parameter in conjunction with the** 
/id**, /dci, or /cab parameters. 


Prepopulates the passkey field. This 
parameter is only used when a support 
provider has supplied a passkey. 


Displays the troubleshooting history in 
the specified directory. Diagnostic 
results are stored in the user's 
%LOCALAPPDATA%\Diagnostics or 
%LOCALAPPDATA%\ElevatedDiagn 
ostics directories. 


Specifies an answer file in XML format 
that contains responses to one or more 
diagnostic interactions. 


Makes the troubleshooting pack modal 
to a window designated by the parent 
Console Window Handle (HWND), in 
decimal. This parameter is typically used 
by applications that launch a 
troubleshooting pack. For more 
information about obtaining Console 
Window Handles, see How to Obtain a 
Console Window Handle (HWND). 


PARAMETER 


/moreoptions <true|false> 


/param <parameters> 


/advanced 


/custom 


Return codes 


Troubleshooting packs comprise a set of root causes, each of which describes a specific technical problem. After 
completing the troubleshooting pack tasks, each root cause returns a state of fixed, not fixed, detected (but not 
fixable), or not found. In addition to specific results reported in the troubleshooter user interface, the 
troubleshooting engine returns a code in the results describing, in general terms, whether or not the 


DESCRIPTION 


Enables (true) or suppresses (false) the 
final troubleshooting screen that asks if 
the user wants to explore additional 
options. This parameter is typically used 
when the troubleshooting pack is 
launched by a troubleshooter that isn't 
part of the operating system. 


Specifies a set of interaction responses 
at the command line, similar to an 
answer file. This parameter isn't typically 
used within the context of 
troubleshooting packs created with TSP 
Designer. For more information about 
developing custom parameters, see 
Windows Troubleshooting Platform. 


Expands the advanced link on the 
Welcome page by default when the 
troubleshooting pack is started. 


Prompts the user to confirm each 
possible resolution before it is applied. 


troubleshooter fixed the original problem. The codes are: 


CODE 


Additional References 


e Command-Line Syntax Key 


e Available troubleshooting packs 


DESCRIPTION 


Interruption: The troubleshooter was closed before the 
troubleshooting tasks were completed. 


Fixed: The troubleshooter identified and fixed at least one 
root cause, and no root causes remain in a not fixed state. 


Present, but not fixed: The troubleshooter identified one or 
more root causes that remain in a not fixed state. This code is 
returned even if another root cause was fixed. 


Not found: The troubleshooter did not identify any root 


causes. 


e TroubleshootingPack Powershell reference 


msg 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Sends a message to a user on a Remote Desktop Session Host server. 





NOTE 


You must have Message special access permission to send a message. 





Syntax 


msg {<username> | <sessionname> | <sessionID>| @<filename> | *} [/server:<servername>] [/time:<seconds>] [/v] 
[/w] [<message>] 


Parameters 


PARAMETER DESCRIPTION 


<username> Specifies the name of the user that you want to receive the 
message. If you don't specify a user or a session, this 
command displays an error message. When specifying a 
session, it must be an active one. 


<sessionname> Specifies the name of the session that you want to receive the 
message. If you don't specify a user or a session, this 
command displays an error message. When specifying a 
session, it must be an active one. 


<sessionID> Specifies the numeric ID of the session whose user you want 
to receive a message. 


@<filename> Identifies a file containing a list of user names, session names, 
and session IDs that you want to receive the message. 


Sends the message to all user names on the system. 


/server: <servername> Specifies the Remote Desktop Session Host server whose 
session or user you want to receive the message. If 
unspecified, /server uses the server to which you are 
currently logged on. 


/time: <seconds> Specifies the amount of time that the message you sent is 
displayed on the user's screen. After the time limit is reached, 
the message disappears. If no time limit is set, the message 
remains on the user's screen until the user sees the message 
and clicks OK. 


PARAMETER DESCRIPTION 
N Displays information about the actions being performed. 


/w Waits for an acknowledgment from the user that the message 
has been received. Use this parameter with 
/time:<*seconds*> to avoid a possible long delay if the user 
does not immediately respond. Using this parameter with /v 
is also helpful. 


<message> Specifies the text of the message that you want to send. If no 
message is specified, you will be prompted to enter a 
message. To send a message that is contained in a file, type 
the less than (<) symbol followed by the file name. 


/? Displays help at the command prompt. 


Examples 


To send a message entitled, Let's meet at TPM today to all sessions for User7, type: 
msg User1 Let's meet at 1PM today 
To send the same message to session modeM02, type: 
msg modem@2 Let's meet at 1PM today 
To send the message to all sessions contained in the file userlist, type: 
msg @userlist Let's meet at 1PM today 
To send the message to all users who are logged on, type: 
msg * Let's meet at 1PM today 
To send the message to all users, with an acknowledgment time-out (for example, 10 seconds), type: 


msg * /time:1Ø Let's meet at 1PM today 


Additional References 


e Command-Line Syntax Key 


msiexec 


11/2/2020 * 5 minutes to read * Edit Online 





Provides the means to install, modify, and perform operations on Windows Installer from the command line. 


Install options 
Set the install type for launching an installation package. 


Syntax 


msiexec.exe [/i][/a][/j{u|m|/g|/t}][/x] <path_to_package> 


Parameters 

PARAMETER DESCRIPTION 

/i Specifies normal installation. 

/a Specifies administrative installation. 

/ju Advertise the product to the current user. 

/jm Advertise the product to all users. 

//g Specifies the language identifier used by the advertised 

package. 
/j/t Applies transform to the advertised package. 
/x Uninstalls the package. 
<path_to_package> Specifies the location and name of the installation package file. 

Examples 


To install a package named example.msi from the C: drive, using a normal installation process, type: 


msiexec.exe /i "C:\example.msi" 


Display options 


You can configure what a user sees during the installation process, based on your target environment. For example, 
if you're distributing a package to all clients for manual installation, there should be a full UI. However, if you're 
deploying a package using Group Policy, which requires no user interaction, there should be no UI involved. 


Syntax 
msiexec.exe /i <path_to_package> [/quiet][/passive][/q{n|b|r|f}] 


Parameters 


PARAMETER DESCRIPTION 


«path to package> Specifies the location and name of the installation package file. 
/quiet Specifies quiet mode, which means there's no user interaction 
required. 
/passive Specifies unattended mode, which means the installation only 


shows a progress bar. 


/qn Specifies there's no Ul during the installation process. 


/qn+ Specifies there's no UI during the installation process, except 
for a final dialog box at the end. 


/qb Specifies there's a basic Ul during the installation process. 


/qb+ Specifies there's a basic UI during the installation process, 
including a final dialog box at the end. 


/qr Specifies a reduced UI experience during the installation 
process. 
/af Specifies a full Ul experience during the installation process. 
Remarks 


@ The modal box isn't shown if the installation is cancelled by the user. You can use qb+! or qb! + to hide the 
CANCEL button. 


Examples 


To install package C:\example.msi, using a normal installation process and no UI, type: 


msiexec.exe /i "C:Vexample.msi" /qn 


Restart options 


If your installation package overwrites files or attempts to change files that are in use, a reboot might be required 
before the installation completes. 


Syntax 


msiexec.exe /i <path to package> [/norestart][/promptrestart][/forcerestart] 


Parameters 
PARAMETER DESCRIPTION 
«path to package> Specifies the location and name of the installation package file. 
/norestart Stops the device from restarting after the installation 


completes. 


/promptrestart Prompts the user if a reboot is required. 


PARAMETER 


/forcerestart 


Examples 


DESCRIPTION 


Restarts the device after the installation completes. 


To install package C:\example.msi, using a normal installation process with no reboot at the end, type: 


msiexec.exe /i "C:Vexample.msi" /norestart 


Logging options 


If you need to debug your installation package, you can set the parameters to create a log file with specific 


information. 


Syntax 


msiexec.exe [/i][/x] <path to package> [/Liilw|e|a[fr|ulc|mfolp|v|x+|!|*)] <path to log> 


Parameters 


PARAMETER 


/X 


<path to package> 


Ai 


/\w 


/le 


/la 


/r 


/lu 


/\c 


/\m 


/lo 


DESCRIPTION 


Specifies normal installation. 


Uninstalls the package. 


Specifies the location and name of the installation package file. 


Turns on logging and includes status messages in the output 
log file. 


Turns on logging and includes non-fatal warnings in the 
output log file. 


Turns on logging and includes all error messages in the output 
log file. 


Turns on logging and includes information about when an 
action started in the output log file. 


Turns on logging and includes action-specific records in the 
output log file. 


Turns on logging and includes user request information in the 
output log file. 


Turns on logging and includes the initial Ul parameters in the 
output log file. 


Turns on logging and includes out-of-memory or fatal exit 
information in the output log file. 


Turns on logging and includes out-of-disk-space messages in 
the output log file. 


PARAMETER DESCRIPTION 


/p Turns on logging and includes terminal properties in the 
output log file. 


/|p Turns on logging and includes terminal properties in the 
output log file. 


/\v Turns on logging and includes verbose output in the output 
log file. 
/p Turns on logging and includes terminal properties in the 


output log file. 


/Ix Turns on logging and includes extra debugging information in 
the output log file. 


/|+ Turns on logging and appends the information to an existing 
log file. 

A Turns on logging and flushes each line to the log file. 

je Turns on logging and logs all information, except verbose 


information (/lv) or extra debugging information (/Ix). 
<path_to_logfile> Specifies the location and name for the output log file. 


Examples 
To install package C:|example.msi, using a normal installation process with all logging information provided, 
including verbose output, and storing the output log file at C-|package./og, type: 


msiexec.exe /i "C:Vexample.msi" /L*V "C:\package. log” 


Update options 


You can apply or remove updates using an installation package. 


Syntax 


msiexec.exe [/p][/update][/uninstall[/package<product_code_of_package>]] <path_to_package> 


Parameters 
PARAMETER DESCRIPTION 
/p Installs a patch. If you're installing silently, you must also set 
the REINSTALLMODE property to ecmus and REINSTALL to 
ALL. Otherwise, the patch only updates the MSI cached on 
the target device. 
/update Install patches option. If you're applying multiple updates, you 


must separate them using a semi-colon (;). 


/package Installs or configures a product. 


Examples 


msiexec.exe /p "C:WMyPatch.msp" 
msiexec.exe /p "C:WMyPatch.msp" /qb REINSTALLMODE="ecmus" REINSTALL="ALL" 
msiexec.exe /update "C:\MyPatch.msp" 


msiexec.exe /uninstall {1BCBF52C-CD1B-454D-AEF7-852F73967318} /package {AAD3D77A-7476-469F -ADF4-04424124E91D} 


Where the first GUID is the patch GUID, and the second one is the MSI product code to which the patch was 
applied. 


Repair options 
You can use this command to repair an installed package. 


Syntax 


msiexec.exe [/f{p|ole|d|cl|al|u|m|s|v}] <product_code> 


Parameters 
PARAMETER DESCRIPTION 
/fp Repairs the package if a file is missing. 
/fo Repairs the package if a file is missing, or if an older version is 
installed. 
/fe Repairs the package if file is missing, or if an equal or older 
version is installed. 
/fd Repairs the package if file is missing, or if a different version is 
installed. 
/fc Repairs the package if file is missing, or if checksum does not 
match the calculated value. 
/fa Forces all files to be reinstalled. 
/fu Repairs all the required user-specific registry entries. 
/fm Repairs all the required computer-specific registry entries. 
/fs Repairs all existing shortcuts. 
/fv Runs from source and re-caches the local package. 
Examples 


To force all files to be reinstalled based on the MSI product code to be repaired, {AAD3D77A-7476-469F-ADF4- 
04424 124E9 1D}, type: 


msiexec.exe /fa {AAD3D77A-7476-469F -ADF4-04424124E91D} 


Set public properties 
You can set public properties through this command. For information about the available properties and how to set 


them, see Public Properties. 


Additional References 


e Command-Line Syntax Key 
e Msiexec.exe Command-Line Options 


e Standard Installer Command-Line Options 


msinfo32 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Opens the System Information tool to display a comprehensive view of the hardware, system components, and 
software environment on the local computer. 


Some System Information categories contain large amounts of data. You can use the start /wait command to 


optimize reporting performance for these categories. For more information, see System Information. 


Syntax 


msinfo32 [/pch] [/nfo <path>] [/report <path>] [/computer <computername>] [/showcategories] [/category 
<categoryID>] [/categories {+<categoryID>(+<categoryID>) |+al1(-<categoryID>)}] 


Parameters 
PARAMETER DESCRIPTION 

<path> Specifies the file to be opened in the format 
C:\Folder7\File7.xxx, where Cis the drive letter, Fo/der7 is the 
folder, File7 is the file name, and xxx is the file name extension. 
This file can be an .nfo, .xml, .txt, or .cab file. 

<computername> Specifies the name of the target or local computer. This can be 
a UNC name, an IP address, or a full computer name. 

<categoryID> Specifies the ID of the category item. You can obtain the 
category ID by using /showcategories. 

/pch Displays the System History view in the System Information 
tool. 

/nfo Saves the exported file as an .nfo file. If the file name that is 
specified in path does not end in an .nfo extension, the .nfo 
extension is automatically appended to the file name. 

/report Saves the file in path as a text file. The file name is saved 
exactly as it appears in path. The .txt extension is not 
appended to the file unless it is specified in path. 

/computer Starts the System Information tool for the specified remote 
computer. You must have the appropriate permissions to 
access the remote computer. 

/showcategories Starts the System Information tool with all available category 


IDs displayed, rather than displaying the friendly or localized 
names. For example, the Software Environment category is 
displayed as the SWEnv category. 


PARAMETER DESCRIPTION 


/category Starts System Information with the specified category 
selected. Use /showcategories to display a list of available 
category IDs. 


/categories Starts System Information with only the specified category or 
categories displayed. It also limits the output to the selected 
category or categories. Use /showcategories to display a list 
of available category IDs. 


/? Displays help at the command prompt. 


Examples 


To list the available category IDs, type: 
msinfo32 /showcategories 

To start the System Information tool with all available information displayed, except Loaded Modules, type: 
msinfo32 /categories +all -loadedmodules 


To display System Summary information and to create an .nfo file called syssum.nfo, which contains information 
in the System Summary category, type: 


msinfo32 /nfo syssum.nfo /categories +systemsummary 


To display resource conflict information and to create an .nfo file called conflicts.nfo, which contains information 


about resource conflicts, type: 


msinfo32 /nfo conflicts.nfo /categories +componentsproblemdevices+resourcesconflicts+resourcesforcedhardware 


Additional References 


e Command-Line Syntax Key 


mstsc 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 


Creates connections to Remote Desktop Session Host servers or other remote computers, edits an existing Remote 


Desktop Connection (.rdp) configuration file, and migrates legacy connection files that were created with Client 


Connection Manager to new .rdp connection files. 


Syntax 


mstsc.exe [<connectionfile>] [/v:<server>[:<port>]] [/admin] [/f] [/w:<width> /h:<height>] [/public] [/span] 


mstsc.exe /edit <connectionfile> 
mstsc.exe /migrate 


Parameters 


PARAMETER 


<connectionfile> 


NV: <server>[:<port>] 


/admin 


/f 


IW: <width> 


/h: <height> 


/public 


/span 


/edit <connectionfile> 


/migrate 


f2 


Remarks 


DESCRIPTION 


Specifies the name of an .rdp file for the connection. 


Specifies the remote computer and, optionally, the port 
number to which you want to connect. 


Connects you to a session for administering the server. 


Starts Remote Desktop Connection in full-screen mode. 


Specifies the width of the Remote Desktop window. 


Specifies the height of the Remote Desktop window. 


Runs Remote Desktop in public mode. In public mode, 
passwords and bitmaps aren't cached. 


Matches the Remote Desktop width and height with the local 
virtual desktop, spanning across multiple monitors if 
necessary. 


Opens the specified .rdp file for editing. 


Migrates legacy connection files that were created with Client 
Connection Manager to new .rdp connection files. 


Displays help at the command prompt. 


e Default.rdp is stored for each user as a hidden file in the user's Documents folder. 


e User created .rdp files are saved by default in the user's Documents folder, but can be saved anywhere. 


e To span across monitors, the monitors must use the same resolution and must be aligned horizontally (that 
is, side-by-side). There is currently no support for spanning multiple monitors vertically on the client 


system. 


Examples 


To connect to a session in full-screen mode, type: 
mstsc /f 

or 
mstsc /v:computer1 /f 

To assign width/height, type: 
mstsc /v:computer1 /w:1920 /h:1080 

To open a file called filename.rdp for editing, type: 


mstsc /edit filename.rdp 


Additional References 


e Command-Line Syntax Key 


nbotstat 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Displays NetBIOS over TCP/IP (NetBT) protocol statistics, NetBIOS name tables for both the local computer and 
remote computers, and the NetBIOS name cache. This command also allows a refresh of the NetBIOS name cache 
and the names registered with Windows Internet Name Service (WINS). Used without parameters, this command 
displays Help information. 


This command is available only if the Internet Protocol (TCP/IP) protocol is installed as a component in the 
properties of a network adapter in Network Connections. 


Syntax 


nbtstat [/a <remotename>] [/A <IPaddress>] [/c] [/n] [/r] [/R] [/RR] [/s] [/S] [<interval>] 


Parameters 

PARAMETER DESCRIPTION 

/a <remotename> Displays the NetBIOS name table of a remote computer, 
where remotename is the NetBIOS computer name of the 
remote computer. The NetBIOS name table is the list of 
NetBIOS names that corresponds to NetBIOS applications 
running on that computer. 

/A <IPaddress> Displays the NetBIOS name table of a remote computer, 
specified by the IP address (in dotted decimal notation) of the 
remote computer. 

/c Displays the contents of the NetBIOS name cache, the table of 
NetBIOS names and their resolved IP addresses. 

/n Displays the NetBIOS name table of the local computer. The 
status of registered indicates that the name is registered 
either by broadcast or with a WINS server. 

fr Displays NetBIOS name resolution statistics. 

/R Purges the contents of the NetBIOS name cache and then 
reloads the pre-tagged entries from the Lmhosts file. 

/RR Releases and then refreshes NetBIOS names for the local 
computer that is registered with WINS servers. 

/s Displays NetBIOS client and server sessions, attempting to 


convert the destination IP address to a name. 


PARAMETER 


/S 


<interval> 


P? 


Remarks 


DESCRIPTION 


Displays NetBIOS client and server sessions, listing the remote 
computers by destination IP address only. 


Displays selected statistics, pausing the number of seconds 
specified in interva/ between each display. Press CTRL+C to 
stop displaying statistics. If this parameter is omitted, nbtstat 
prints the current configuration information only once. 


Displays help at the command prompt. 


e Thenbtstat command-line parameters are case-sensitive. 


e The column headings generated by the nbtstat command, include: 


HEADING 


Input 


Output 


In/Out 


Life 


Local Name 


Remote Host 


<Ø3> 


type 


Status 


State 


e The possible NetBIOS connection states, include: 


STATE 


Connected 


DESCRIPTION 


The number of bytes received. 


The number of bytes sent. 


Whether the connection is from the computer (outbound) 
or from another computer to the local computer 
(inbound). 


The remaining time that a name table cache entry will live 
before it is purged. 


The local NetBIOS name associated with the connection. 


The name or IP address associated with the remote 
computer. 


The last byte of a NetBIOS name converted to 
hexadecimal. Each NetBIOS name is 16 characters long. 
This last byte often has special significance because the 
same name might be present several times on a computer, 
differing only in the last byte. For example, <2@> isa 
space in ASCII text. 


The type of name. A name can either be a unique name or 
a group name. 


Whether the NetBIOS service on the remote computer is 
running (registered) or a duplicate computer name has 
registered the same service (Conflict). 


The state of NetBIOS connections. 


DESCRIPTION 


A session has been established. 


STATE DESCRIPTION 


listening This endpoint is available for an inbound connection. 


Idle This endpoint has been opened but cannot receive 
connections. 


Connecting A session is in the connecting phase and the name-to-IP 
address mapping of the destination is being resolved. 


Accepting An inbound session is currently being accepted and will be 
connected shortly. 


Reconnecting A session is trying to reconnect (it failed to connect on the 
first attempt). 


Outbound A session is in the connecting phase and the TCP 
connection is currently being created. 


Inbound An inbound session is in the connecting phase. 
Disconnecting A session is in the process of disconnecting. 
Disconnected The local computer has issued a disconnect and it is 


waiting for confirmation from the remote system. 


Examples 


To display the NetBIOS name table of the remote computer with the NetBIOS computer name of CORPO7, type: 


nbtstat /a CORPØ7 


To display the NetBIOS name table of the remote computer assigned the IP address of 70.0.0.99, type: 


nbtstat /A 10.0.0.99 


To display the NetBIOS name table of the local computer, type: 


nbtstat /n 


To display the contents of the local computer NetBIOS name cache, type: 


nbtstat /c 


To purge the NetBIOS name cache and reload the pre-tagged entries in the local Lmhosts file, type: 


nbtstat /R 


To release the NetBIOS names registered with the WINS server and re-register them, type: 


nbtstat /RR 


To display NetBIOS session statistics by IP address every five seconds, type: 


nbtstat /S 5 


Additional References 


e Command-Line Syntax Key 


netcfg 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Installs the Windows Preinstallation Environment (WinPE), a lightweight version of Windows used to deploy 


workstations. 


Syntax 


netcfg [/v] [/e] [/winpe] [/1 ] /c /i 


Parameters 
PARAMETER DESCRIPTION 
N Runs in verbose (detailed) mode. 
/e Uses servicing environment variables during install and 
uninstall. 
/winpe Installs TCP/IP NetBIOS, and Microsoft Client for Windows 
preinstallation environment (WinPE). 
Å Provides the location of the INF file. 
/c Provides the class of the component to be installed; protocol, 
service, or client. 
ji Provides the component ID. 
/s Provides the type of components to show, including \ta for 
adapters or n for net components. 
/b Displays the binding paths, when followed by a string 
containing the name of the path. 
/? Displays help at the command prompt. 
Examples 


To install the protocol example using cJoemdirlexample.inf, type: 


netcfg /1 c:\oemdir\example.inf /c p /i example 


To install the MS Server service, type: 


netcfg /c s /i MS Server 

To install TCP/IP NetBIOS and Microsoft Client for Windows preinstallation environment, type: 
netcfg /v /winpe 

To display if component MS_/PXis installed, type: 
netcfg /q MS_IPX 

To uninstall component MS_/PX, type: 
netcfg /u MS_IPX 

To show all installed net components, type: 
netcfg /s n 

To display binding paths containing MS_TCPIP, type: 
netcfg /b ms_tcpip 


Additional References 


e Command-Line Syntax Key 


net print 
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IMPORTANT 


This command has been deprecated. However, you can perform many of the same tasks using the prnjobs command, 


Windows Management Instrumentation (WMI), PrintManagement in Powershell, or Script resources for IT professionals. 





Displays information about a specified printer queue or a specified print job, or controls a specified print job. 


Syntax 


net print {\\<computername>\<sharename> | \\<computername> <jobnumber> [/hold | /release | /delete]} [help] 


Parameters 


PARAMETERS DESCRIPTION 


\\<computername>\<sharename> Specifies (by name) the computer and print queue about 
which you want to display information. 


\\<computername> Specifies (by name) the computer that hosts the print job you 
want to control. If you do not specify a computer, the local 
computer is assumed. Requires the <jobnumber> parameter. 


<jobnumber> Specifies the number of the print job you want to control. This 
number is assigned by the computer that hosts the print 
queue where the print job is sent. After a computer assigns a 
number to a print job, that number is not assigned to any 
other print jobs in any queue hosted by that computer. 
Required when using the \\<computername> parameter. 


[/hold | /release | /delete] Specifies the action to take with the print job. If you specify a 
job number, but don't specify any action, information about 
the print job is displayed. 

e /hold - Delays the job, allowing other print jobs to 
bypass it until it is released. 

e /release - Releases a print job that has been delayed. 

e /delete - Removes a print job from a print queue. 


help Displays help at the command prompt. 


Remarks 


@ The net print\\<computername> command displays information about print jobs in a shared printer queue. 
The following is an example of a report for all print jobs in a queue for a shared printer named LASER: 


printers at \\PRODUCTION 


Name Job # Size Status 

LASER Queue 3 jobs *printer active* 
USER1 84 93844 printing 

USER2 85 12555 Waiting 

USER3 86 10222 Waiting 


e The following is an example of a report for a print job: 


Job # 35 
Status Waiting 
Size 3096 
remark 

Submitting user USER2 
Notify USER2 


Job data type 
Job parameters 
additional info 


Examples 


To list the contents of the Dotmatrix print queue on the |Production computer, type: 
net print \\Production\Dotmatrix 

To display information about job number 35 on the |Production computer, type: 
net print \\Production 35 

To delay job number 263 on the |Production computer, type: 
net print \\Production 263 /hold 

To release job number 263 on the |Production computer, type: 


net print \\Production 263 /release 


Additional References 


e Command-Line Syntax Key 

e print command reference 

e prnjobs command 

e Windows Management Instrumentation (WMI) 
e PrintManagement in Powershell 


e Script resources for IT professionals 


netsh 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2016 


The Network Shell command-line scripting utility that allows you to, either locally or remotely, display or modify 
the network configuration of a currently running computer. You can start this utility at the command prompt or in 
Windows PowerShell. 


Syntax 


netsh [-a <Aliasfile>][-c <Context>][-r <Remotecomputer>][-u [<domainname>\<username>][-p <Password> | 
[{<NetshCommand> | -f <scriptfile>}] 


Parameters 

PARAMETER DESCRIPTION 

-a <Aliasfile> Specifies that you are returned to the netsh prompt after 
running Aliasfile and the name of the text file that contains 
one or more netsh commands. 

-C <Context> Specifies that netsh enters the specified netsh context and the 
netsh context to enter. 

-f <Remotecomputer> Specifies the remote computer to configure. 

Important: If you use this parameter, you must make 
sure the Remote Registry service is running on the remote 
computer. If it isn't running, Windows displays a “Network 
Path Not Found" error message. 

-u <domainname>Y<username> Specifies the domain and user account name to use while 
running the netsh command under a user account. If you omit 
the domain, the local domain is used by default. 

-p <Password> Specifies the password for the user account specified by the 

-u <username> parameter. 
«Net shCommand> Specifies the netsh command to run. 
-f <scriptfile> Exits the netsh command after running the specified script file. 
/? Displays help at the command prompt. 
Remarks 


e |f you specify -r followed by another command, netsh runs the command on the remote computer and then 
returns to the Cmd.exe command prompt. If you specify -r without another command, netsh opens in 
remote mode. The process is similar to using set machine at the Netsh command prompt. When you use - 
r, you set the target computer for the current instance of netsh only. After you exit and reenter netsh, the 
target computer is reset as the local computer. You can run netsh commands on a remote computer by 


specifying a computer name stored in WINS, a UNC name, an Internet name to be resolved by the DNS 
server, or an IP address. 


e If your string value contains spaces between characters, you must enclose the string value in quotation 


marks. For example, -r "contoso remote device" 


Additional References 


e Command-Line Syntax Key 


netstat 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Displays active TCP connections, ports on which the computer is listening, Ethernet statistics, the IP routing table, 
IPv4 statistics (for the IP ICMP TCP. and UDP protocols), and IPv6 statistics (for the IPv6, ICMPv6, TCP over IPv6, and 
UDP over IPv6 protocols). Used without parameters, this command displays active TCP connections. 





IMPORTANT 


This command is available only if the Internet Protocol (TCP/IP) protocol is installed as a component in the properties of a 


network adapter in Network Connections. 





Syntax 


netstat [-a] [-b] [-e] [-n] [-0] [-p <Protocol>] [-r] [-s] [<interval>] 


Parameters 


PARAMETER DESCRIPTION 


-a Displays all active TCP connections and the TCP and UDP 
ports on which the computer is listening. 


-b Displays the executable involved in creating each connection 
or listening port. In some cases well-known executables host 
multiple independent components, and in these cases the 
sequence of components involved in creating the connection 
or listening port is displayed. In this case the executable name 
is in [] at the bottom, on top is the component it called, and 
so forth until TCP/IP was reached. Note that this option can 
be time-consuming and will fail unless you have sufficient 
permissions. 


-e Displays Ethernet statistics, such as the number of bytes and 
packets sent and received. This parameter can be combined 
with -s. 


-n Displays active TCP connections, however, addresses and port 
numbers are expressed numerically and no attempt is made to 
determine names. 


-0 Displays active TCP connections and includes the process ID 
(PID) for each connection. You can find the application based 
on the PID on the Processes tab in Windows Task Manager. 
This parameter can be combined with -a, -n, and -p. 


PARAMETER 


-P <Protocol> 


<interval> 


P? 


Remarks 


DESCRIPTION 


Shows connections for the protocol specified by Protocol In 
this case, the Protocol can be tcp, udp, tcpv6, or udpvé. If this 
parameter is used with -s to display statistics by protocol, 
Protocol can be tcp, udp, icmp, ip, tcpv6, udpv6, icmpv6, or 
ipv6. 


Displays statistics by protocol. By default, statistics are shown 
for the TCP UDP ICMP and IP protocols. If the IPv6 protocol is 
installed, statistics are shown for the TCP over IPv6, UDP over 
IPv6, ICMPv6, and IPv6 protocols. The -p parameter can be 
used to specify a set of protocols. 


Displays the contents of the IP routing table. This is equivalent 
to the route print command. 


Redisplays the selected information every interval seconds. 
Press CTRL+C to stop the redisplay. If this parameter is 
omitted, this command prints the selected information only 
once. 


Displays help at the command prompt. 


e The netstat command provides statistics for the following: 


PARAMETER 


Proto 


Local address 


Foreign address 


State 


Examples 


DESCRIPTION 


The name of the protocol (TCP or UDP). 


The IP address of the local computer and the port number 
being used. The name of the local computer that 
corresponds to the IP address and the name of the port is 
shown unless the -n parameter is specified. If the port is 
not yet established, the port number is shown as an 
asterisk (*). 


The IP address and port number of the remote computer 
to which the socket is connected. The names that 
corresponds to the IP address and the port are shown 
unless the -n parameter is specified. If the port is not yet 
established, the port number is shown as an asterisk (*). 


Indicates the state of a TCP connection, including: 
e CLOSE_WAIT 

e CLOSED 

e ESTABLISHED 
e FIN_WAIT_1 

e FIN_WAIT_2 

e LAST_ACK 

e LISTEN 

e SYN RECEIVED 
e SYN SEND 

e TIMED WAIT 


To display both the Ethernet statistics and the statistics for all protocols, type: 
netstat -e -s 

To display the statistics for only the TCP and UDP protocols, type: 
netstat -s -p tcp udp 

To display active TCP connections and the process IDs every 5 seconds, type: 
netstat -o 5 

To display active TCP connections and the process IDs using numerical form, type: 


netstat -n -o 


Additional References 


e Command-Line Syntax Key 


nfsadmin 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


A command-line utility that administers Server for NFS or Client for NFS on the local or remote computer running 
Microsoft Services for Network File System (NFS). Used without parameters, nfsadmin server displays the current 
Server for NFS configuration settings and nfsadmin client displays the current Client for NFS configuration 
settings. 


Syntax 


nfsadmin server [computername ] Username Password]] -1 
Password]] -r {client | all} 


Password]] {start | stop} 


nfsadmin server [computername ] Username 


nfsadmin server [computername ] Username 


nfsadmin server [computername ] Username Password]] config option[...] 


nfsadmin server [computername ] Username Password]] creategroup <name> 


nfsadmin server [computername ] Username Password]] listgroups 


nfsadmin server [computername ] Username Password]] renamegroup <oldname> <newname> 


nfsadmin server [computername ] Username Password]] addmembers <hostname>[... ] 


nfsadmin server [computername ] Username Password]] listmembers 


nfsadmin server [computername ] Username Password]] deletemembers <hostname><groupname>[...] 
Password]] {start | stop} 


Password]] config option[...] 


Username 


[-u [-p 
[-u [-p 
[-u [-p 
[-u [-p 
[-u [-p 
[-u [-p 
nfsadmin server [computername] [-u Username [-p Password]] deletegroup <name> 
[-u [-p 
[-u [-p 
[-u [-p 
[-u [-p 
nfsadmin client [computername] [-u [-p 
[-u [-p 


nfsadmin client [computername] Username 


General Parameters 


PARAMETER DESCRIPTION 


computername Specifies the remote computer you want to administer. You 
can specify the computer using a Windows Internet Name 
Service (WINS) name or a Domain Name System (DNS) name, 
or by Internet Protocol (IP) address. 


-u Username Specifies the user name of the user whose credentials are to 
be used. It might be necessary to add the domain name to 
the user name in the form domain\username. 


-p Password Specifies the password of the user specified using the -u 
option. If you specify the -u option but omit the -p option, 
you are prompted for the user's password. 


Server for NFS-related parameters 


PARAMETER DESCRIPTION 
-l Lists all locks held by clients. 


-r fclient|all) Releases the locks held by a dient or, if all is specified, by all 
clients. 


PARAMETER 


start 


stop 


config 


DESCRIPTION 


Starts the Server for NFS service. 


Stops the Server for NFS service. 


Specifies general settings for Server for NFS. You must supply 
at least one of the following options with the config 
command argument: 


mapsvr= <server> - Sets server as the User Name 

Mapping server for Server for NFS. Although this 

option continues to be supported for compatibility 

with previous versions, you should use the sfuadmin 
utility instead. 

auditlocation= {eventlog|file|both|none} - 

Specifies whether events will be audited and where the 

events will be recorded. One of the following 

arguments is required: 

© eventlog - Specifies that audited events will be 
recorded only in the Event Viewer application 
log. 

o file - Specifies that audited events will be 
recorded only in the file specified by 

config fname . 

° both - Specifies that audited events will be 
recorded in the Event Viewer application log as 
well as the file specified by config fname . 

° none - Specifies that events aren't audited. 

fname= <file> - Sets the file specified by file as the 

audit file. The default is %sfudir%\log\nfssvr.log. 
fsize= <size> - Sets size as the maximum size in 
megabytes of the audit file. The default maximum size 
is 7 MB. 


audit=[+|-]mount [+|-]read [+|-]write [+|- 
Jcreate [+|-]delete [+|-]locking [+|-]all 


- Specifies the events to be logged. To start logging an 
event, type a plus sign (+) before the event name; to 
stop logging an event, type a minus sign (-) before the 
event name. If the sign is omitted, the + sign is 
assumed. Don't use all with any other event name. 
lockperiod= <seconds> - Specifies the number of 
seconds that Server for NFS will wait to reclaim locks 
after a connection to Server for NFS has been lost and 
then reestablished or after the Server for NFS service 
has been restarted. 

portmapprotocol= {TcP|uDP|TCcP+uDP} - Specifies 
which transport protocols Portmap supports. The 
default setting is TCP+UDP. 

mountprotocol= {TcP|UDP|TCP+UDP} - Specifies 
which transport protocols mount supports. The 
default setting is TCP+UDP. 

nfsprotocol= (TCP |UDP|TCP+UDP) - Specifies which 
transport protocols Network File System (NFS) 
supports. The default setting is TCP+UDP 
nlmprotocol= {TcP|UDP|TCP+UDP} - Specifies which 
transport protocols Network Lock Manager (NLM) 
supports. The default setting is TCP+UDP. 
nsmprotocol= {TcP|UDP|TCP+UDP} - Specifies which 
transport protocols Network Status Manager (NSM) 
supports. The default setting is TCP+UDP. 


PARAMETER 


creategroup <name> 


listgroups 


deletegroup <name> 


renamegroup <oldname> <newname> 


addmembers <hostname>[...] 


listmembers <name> 


* enableV3= (yes|no) - Specifies whether NFS 

DESCRIPTION s 
version 3 protocols will be supported. The default 
setting is yes. 

e renewauth= {yes|no} - Specifies whether client 
connections will be required to be reauthenticated 
after the period specified by config renewauthinterval. 
The default setting is no. 

e renewauthinterval= <seconds> - Specifies the 
number of seconds that elapse before a client is forced 
to be reauthenticated if config renewauth is set to 
yes. The default value is 600 seconds. 

e dircache= <size> - Specifies the size in kilobytes of 
the directory cache. The number specified as size must 
be a multiple of 4 between 4 and 128. The default 
directory cache size is 128 KB. 

e translationfile= <file> - Specifies a file containing 
mapping information for replacing characters in the 
names of files when moving them from Windows- 
based to UNIX-based file systems. If file is not 
specified, then file name character translation is 
disabled. If the value of translationfile is changed, 
you must restart the server for the change to take 
effect. 

e dotfileshidden= {yes|no} - Specifies whether files 
with names beginning with a period (.) are marked as 
hidden in the Windows file system, and consequently 
hidden from NFS clients. The default setting is no. 

* casesensitivelookups= {yes|no} - Specifies 
whether directory lookups are case sensitive (require 
exact matching of character case). 

You must also disable Windows kernel case- 
insensitivity to support case-sensitive file names. 
To support case-sensitivity, change the DWord 
value of the registry key, 


HKLM\SYSTEM\CurrentControlSet\Control\Session 
Manager\kernel 


,to0. 


* ntfscase= (lower l|upper|preserve) - Specifies 
whether the case of characters in the names of files in 
the NTFS file system will be returned in lowercase, 
uppercase, or in the form stored in the directory. The 
default setting is preserve. This setting can't be 
changed if casesensitivelookups is set to yes. 


Creates a new client group, giving it the specified name. 


Displays the names of all client groups. 


Removes the client group specified by name. 


Changes the name of the client group specified by o/dname to 
newname. 


Adds a host to the client group specified by name 


Lists the host computers in the dient group specified by 
name 


PARAMETER 


deletemembers <hostname><groupname>[...] 


Client for NFS-related parameters 


PARAMETER 


start 


stop 


config 


DESCRIPTION 


Removes the client specified by host from the client group 
specified by group. 


DESCRIPTION 


Starts the Client for NFS service. 


Stops the Client for NFS service. 


Specifies general settings for Client for NFS. You must supply 
at least one of the following options with the config 
command argument: 


fileaccess= <mode> - Specifies the default permission 
mode for files created on Network File System (NFS) 
servers. The mode argument consists of a three digit 
number, from 0 to 7 (inclusive), which represent the 
default permissions granted the user, group, and 
others. The digits translate to UNIX-style permissions 
as follows: 0=none, 1=x (execute), 2=w (write only), 
3=wx (write and execute), 4=r (read only), 5=rx (read 
and execute), 6=rw (read and write), and 7=rwx (read, 
write, and execute). For example, fileaccess=750 
gives read, write, and execute permissions to the 
owner, read and execute permissions to the group, and 
no access permission to others. 

mapsvr= <server> - Sets server as the User Name 
Mapping server for Client for NFS. Although this 
option continues to be supported for compatibility 
with previous versions, you should use the sfuadmin 
utility instead. 

mtype= {hard|soft} - Specifies the default mount 
type. For a hard mount, Client for NFS continues to 
retry a failed RPC until it succeeds. For a soft mount, 
Client for NFS returns failure to the calling application 
after retrying the call the number of times specified by 
the retry option. 

retry= <number> - Specifies the number of times to 
try to make a connection for a soft mount. This value 
must be from 1 to 10, inclusive. The default is 1. 
timeout= <seconds> - Specifies the number of 
seconds to wait for a connection (remote procedure 
call). This value must be 0.8, 0.9, or an integer from 7 
to 60, inclusive. The default is 0.8. 

protocol= {TcP|UDP|TCP+UDP} - Specifies which 
transport protocols the client supports. The default 
setting is TCP+UDP. 

rsize= <size> -Specifies the size, in kilobytes, of the 
read buffer. This value can be 0.5, 1, 2, 4, 8, 16, or 32. 
The default is 32. 

wsize= <size> - Specifies the size, in kilobytes, of the 
write buffer. This value can be 0.5, 1, 2, 4, 8, 16, or 32. 
The default is 32. 

perf=default - Restores the following performance 
settings to default values, mtype, retry, timeout, rsize, 
or wsize. 


Examples 


To stop Server for NFS or Client for NFS, type: 


nfsadmin server stop 
nfsadmin client stop 


To start Server for NFS or Client for NFS, type: 


nfsadmin server start 
nfsadmin client start 


To set Server for NFS to not be case-sensitive, type: 
nfsadmin server config casesensitive=no 
To set Client for NFS to be case-sensitive, type: 
nfsadmin client config casesensitive=yes 
To display all the current Server for NFS or Client for NFS options, type: 


nfsadmin server config 
nfsadmin client config 


Additional References 


e Command-Line Syntax Key 


e NFS cmdlets reference 


nfsshare 
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Controls Network File System (NFS) shares. Used without parameters, this command displays all Network File 


System (NFS) shares exported by Server for NFS. 


Syntax 


nfsshare <sharename>=<drive:path> [-o <option=value>... 


nfsshare {<sharename> | <drive>:<path> | * } /delete 


Parameters 


PARAMETER 


-O anon= {yes|no} 


-Orw= [<host>[:<host>]...] 


-O ro= [<host>[:<host>]...] 


-0 encoding= 


{euc-jp|euc-tw|euc-kr|shift-jis|Big5|Ksc5601|Gb2312- 
80|Ansi) 


-0 anongid= <gid> 


DESCRIPTION 


Specifies whether anonymous (unmapped) users can access 
the share directory. 


Provides read-write access to the shared directory by the 
hosts or client groups specified by host. You must separate 
host and group names with a colon (:). If host isn't specified, 
all hosts and client groups (except those specified with the ro 
option) get read-write access. If neither the ro nor the rw 
option is set, all clients have read-write access to the shared 
directory. 


Provides read-only access to the shared directory by the 
hosts or client groups specified by host. You must separate 
host and group names with a colon (:). If host isn't specified, 
all clients (except those specified with the rw option) get read- 
only access. If the ro option is set for one or more clients, but 
the rw option isn't set, only the clients specified with the ro 
option have access to the shared directory. 


Specifies the language encoding to configure on an NFS share. 
You can use only one language on the share. This value can 
include any of the following values: 

* euc-jp: Japanese 

* euc-tw: Chinese 

e euc-kr: Korean 

e shift-jis: Japanese 

e Big5: Chinese 

*e Ksc5601: Korean 

® Gb2312-80: Simplified Chinese 

e Ansi: ANSI-encoded 


Specifies that anonymous (unmapped) users access the share 
directory using gid as their group identifier (GID). The default 
is -2. The anonymous GID is used when reporting the owner 
of a file owned by an unmapped user, even if anonymous 
access is disabled. 


PARAMETER 


-0 anonuid= <uid> 


-O root= [<host>[:<host>]...] 


/delete 


VG 


Remarks 


DESCRIPTION 


Specifies that anonymous (unmapped) users access the share 
directory using uid as their user identifier (UID). The default is 
-2. The anonymous UID is used when reporting the owner of 
a file owned by an unmapped user, even if anonymous access 
is disabled. 


Provides root access to the shared directory by the hosts or 
client groups specified by host. You must separate host and 
group names with a colon (:). If host isn't specified, all clients 
get root access. If the root option isn't set, no clients have 
root access to the shared directory. 


If sharenameor <drive>:<path> is specified, this parameter 
deletes the specified share. If a wildcard (*) is specified, this 
parameter deletes all NFS shares. 


Displays help at the command prompt. 


e |f sharenameas the only parameter, this command lists the properties of the NFS share identified by 


sharename. 


e If sharenameand <drive>:<path> are used, this command exports the folder identified by <drive>:<path> 


as sharename. If you use the /delete option, the specified folder stops being available to NFS clients. 


Additional References 


e Command-Line Syntax Key 


e Services for Network File System Command Reference 


e NFS cmdlets reference 


ASSEN 
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A command-line utility that displays statistical info about the Network File System (NFS) and Remote Procedure 
Call (RPC) calls. Used without parameters, this command displays all of the statistical data without resetting 
anything. 


Syntax 


nfsstat [-c][-s][-n][-r][-z][-m] 


Parameters 

PARAMETER DESCRIPTION 

-C Displays only the client-side NFS and RPC and NFS calls sent 
and rejected by the client. To display NFS or RPC information 
only, combine this flag with the -n or -r parameter. 

-S Displays only the server-side NFS and RPC and NFS calls sent 
and rejected by the server. To display NFS or RPC information 
only, combine this flag with the -n or -r parameter. 

-m Displays information about mount flags set by mount options, 
mount flags internal to the system, and other mount 
information. 

-n Displays NFS information for both the client and server. To 
display only the NFS client or server information, combine this 
flag with the -c or -s parameter. 

-r Displays RPC information for both the client and server. To 
display only the RPC client or server information, combine this 
flag with the -c or -s parameter. 

-Z Resets the call statistics. This flag is only available to the root 
user and can be combined with any of the other parameters 
to reset particular sets of statistics after displaying them. 

Examples 


To display information about the number of RPC and NFS calls sent and rejected by the client, type: 


nfsstat -c 


To display and print the client NFS call-related information, type: 


nfsstat -cn 


To display RPC call-related information for both the client and server, type: 


nfsstat -r 


To display information about the number of RPC and NFS calls received and rejected by the server, type: 


nfsstat -s 


To reset all call-related information to zero on the client and server, type: 


nfsstat -z 


Additional References 
e Command-Line Syntax Key 
e Services for Network File System Command Reference 


e NFS cmdlets reference 


nlbmgr 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Configure and manage your Network Load Balancing clusters and all cluster hosts from a single computer, using 
the Network Load Balancing Manager. You can also use this command to replicate the cluster configuration to other 
hosts. 


You can start the Network Load Balancing Manager from the command-line using the command nlbmgr.exe, 
which is installed in the systemroot\System 32 folder. 


Syntax 


nlbmgr [/noping][/hostlist <filename>][/autorefresh <interval>][/help | /?] 


Parameters 


PARAMETER DESCRIPTION 


/noping Prevents the Network Load Balancing Manager from pinging 
the hosts prior to trying to contact them through Windows 
Management Instrumentation (WMI). Use this option if you 
have disabled Internet Control Message Protocol (ICMP) on all 
available network adapters. If the Network Load Balancing 
Manager attempts to contact a host that isn't available, you'll 
experience a delay when using this option. 


/hostlist <filename> Loads the hosts specified in filename into the Network Load 
Balancing Manager. 


/autorefresh <interval> Causes the Network Load Balancing Manager to refresh its 
host and cluster information every <interval> seconds. If 
no interval is specified, the information is refreshed every 60 
seconds. 


/? Displays help at the command prompt. 


/help Displays help at the command prompt. 


Additional References 
e Command-Line Syntax Key 


e NetworkLoadBalancingClusters cmdlets reference 


nslookup 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Displays information that you can use to diagnose Domain Name System (DNS) infrastructure. Before using this 
tool, you should be familiar with how DNS works. The nslookup command-line tool is available only if you have 
installed the TCP/IP protocol. 


The nslookup command-line tool has two modes: interactive and noninteractive. 


If you need to look up only a single piece of data, we recommend using the non-interactive mode. For the first 
parameter, type the name or IP address of the computer that you want to look up. For the second parameter, type 
the name or IP address of a DNS name server. If you omit the second argument, nslookup uses the default DNS 
name server. 


If you need to look up more than one piece of data, you can use interactive mode. Type a hyphen (-) for the first 
parameter and the name or IP address of a DNS name server for the second parameter. If you omit both 
parameters, the tool uses the default DNS name server. While using the interactive mode, you can: 


e Interrupt interactive commands at any time, by pressing CTRL+B. 
e Exit, by typing exit. 


e Treat a built-in command as a computer name, by preceding it with the escape character (). An unrecognized 


command is interpreted as a computer name. 


Syntax 


nslookup [exit | finger | help | 1s | lserver | root | server | set | view] [options] 


Parameters 
PARAMETER DESCRIPTION 
nslookup exit Exits the nslookup command-line tool. 
nslookup finger Connects with the finger server on the current computer. 
nslookup help Displays a short summary of subcommands. 
nslookup Is Lists information for a DNS domain. 
nslookup Iserver Changes the default server to the specified DNS domain. 
nslookup root Changes the default server to the server for the root of the 


DNS domain name space. 


nslookup server Changes the default server to the specified DNS domain. 


PARAMETER 


nslookup set 


nslookup set all 


nslookup set class 


nslookup set d2 


nslookup set debug 


nslookup set domain 


nslookup set port 


nslookup set querytype 


nslookup set recurse 


nslookup set retry 


nslookup set root 


nslookup set search 


nslookup set srchlist 


nslookup set timeout 


nslookup set type 


nslookup set vc 


nslookup view 


Remarks 


DESCRIPTION 


Changes configuration settings that affect how lookups 
function. 


Prints the current values of the configuration settings. 


Changes the query class. The class specifies the protocol 
group of the information. 


Turns exhaustive Debugging mode on or off. All fields of every 
packet are printed. 


Turns Debugging mode on or off. 


Changes the default DNS domain name to the name specified. 


Changes the default TCP/UDP DNS name server port to the 
value specified. 


Changes the resource record type for the query. 


Tells the DNS name server to query other servers if it doesn't 
have the information. 


Sets the number of retries. 


Changes the name of the root server used for queries. 


Appends the DNS domain names in the DNS domain search 
list to the request until an answer is received. This applies 
when the set and the lookup request contain at least one 
period, but do not end with a trailing period. 


Changes the default DNS domain name and search list. 


Changes the initial number of seconds to wait for a reply to a 
request. 


Changes the resource record type for the query. 


Specifies to use or not use a virtual circuit when sending 
requests to the server. 


Sorts and lists the output of the previous Is subcommand or 
commands. 


e If computerTofind is an IP address and the query is for an A or PTR resource record type, the name of the 


computer is returned. 


e If computerTofind is a name and doesn't have a trailing period, the default DNS domain name is appended 


to the name. This behavior depends on the state of the following set sulbcommands: domain, srchlist, 


defname, and search. 


e |f you type a hyphen (-) instead of computerTofind, the command prompt changes to nslookup interactive 


mode. 


e If the lookup request fails, the command-line tool provides an error message, including: 


ERROR MESSAGE 


timed out 


No response from server 


No records 


Nonexistent domain 


Connection refused or Network is unreachable 


Server failure 


Refused 


format error 


Additional References 


e Command-Line Syntax Key 


DESCRIPTION 


The server didn't respond to a request after a certain 
amount of time and a certain number of retries. You can 
set the time-out period with the nslookup set timeout 
command. You can set the number of retries with the 
nslookup set retry command. 


No DNS name server is running on the server computer. 


The DNS name server doesn't have resource records of the 
current query type for the computer, although the 
computer name is valid. The query type is specified with 
the nslookup set querytype command. 


The computer or DNS domain name doesn't exist. 


The connection to the DNS name server or finger server 
could not be made. This error commonly occurs with the 
Is and finger requests. 


The DNS name server found an internal inconsistency in 
its database and could not return a valid answer. 


The DNS name server refused to service the request. 


The DNS name server found that the request packet was 
not in the proper format. It may indicate an error in 
nslookup. 


nslookup /exit 
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Exits the nslookup command-line tool. 


Syntax 





nslookup /exit 











Parameters 
PARAMETER DESCRIPTION 
R Displays help at the command prompt. 
/help Displays help at the command prompt. 


Additional References 


e Command-Line Syntax Key 


nslookup /finger 
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Connects with the finger server on the current device. 


Syntax 


finger [<username>] [{[>] <filename> | [>>] <filename>}] 


Parameters 
PARAMETER DESCRIPTION 
<username> Specifies the name of the user to look up. 
<filename> Specifies a file name in which to save the output. You can use 
the greater than ( > ) and double greater than ( >> ) 
characters to redirect the output in the usual manner. 
R Displays help at the command prompt. 
/help Displays help at the command prompt. 


Additional References 


e Command-Line Syntax Key 


nslookup help 
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Displays the subcommand help text. 

















Syntax 
| help | 
? 
Parameters 
PARAMETER DESCRIPTION 
2 Displays help at the command prompt. 
/help Displays help at the command prompt. 


Additional References 


e Command-Line Syntax Key 


nslookup Is 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 


Lists DNS domain information. 


Syntax 


1s [<option>] <DNSdomain> [{[>] <filename>|[>>] <filename>}] 


Parameters 
PARAMETER DESCRIPTION 
<option> The valid options include: 
e -t: Lists all records of the specified type. For more 
information, see nslookup set querytype. 
e -a: Lists aliases of computers in the DNS domain. This 
parameter is the same as -t CNAME 
e -d: Lists all records for the DNS domain. This 
parameter is the same as -t ANY 
e -h: Lists CPU and operating system information for 
the DNS domain. This parameter is the same as -t 
HINFO 
e -s: Lists well-known services of computers in the DNS 
domain. This parameter is the same as -t WKS. 
<DNSdomain> Specifies the DNS domain for which you want information. 
<filename> Specifies a file name to use for the saved output. You can use 
the greater than ( > ) and double greater than ( >> ) 
characters to redirect the output in the usual manner. 
R Displays help at the command prompt. 
/help Displays help at the command prompt. 
Remarks 


e The default output of this command includes computer names and their associated IP addresses. 


e If your output is directed to a file, hash marks are added for every 50 records received from the server. 


Additional References 


e Command-Line Syntax Key 


e nslookup set querytype 


nslookup Iserver 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Changes the initial server to the specified Domain Name System (DNS) domain. 


This command uses the initial server to look up the information about the specified DSN domain. If you want to 
lookup information using the current default server, use the nslookup server command. 


Syntax 


lserver <DNSdomain> 


Parameters 
PARAMETER DESCRIPTION 
<DNSdomain> Specifies the DNS domain for the initial server. 
/? Displays help at the command prompt. 
/help Displays help at the command prompt. 


Additional References 


e Command-Line Syntax Key 


e nslookup server 


nslookup root 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Changes the default server to the server for the root of the Domain Name System (DNS) domain name space. 
Currently, the ns.nic.ddn.mil name server is used. You can change the name of the root server using the nslookup 
set root command. 





NOTE 


This command is the same as lserver ns.nic.ddn.mil. 





Syntax 


root 
Parameters 
PARAMETER DESCRIPTION 
/? Displays help at the command prompt. 
/help Displays help at the command prompt. 


Additional References 


e Command-Line Syntax Key 


e nslookup set root 


nslookup server 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Changes the default server to the specified Domain Name System (DNS) domain. 


This command uses the current default server to look up the information about the specified DSN domain. If you 
want to lookup information using the initial server, use the nslookup Iserver command. 


Syntax 


server <DNSdomain> 


Parameters 
PARAMETER DESCRIPTION 
<DNSdomain> Specifies the DNS domain for the default server. 
P Displays help at the command prompt. 
/help Displays help at the command prompt. 


Additional References 
e Command-Line Syntax Key 


e nslookup Iserver 


nslookup set 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Changes configuration settings that affect how lookups function. 


Syntax 


set all [class | d2 | debug | domain | port | querytype | recurse | retry | root | search | srchlist | timeout 
| type | vc] [options] 


Parameters 

PARAMETER DESCRIPTION 

nslookup set all Lists all current settings. 

nslookup set class Changes the query class, which specifies the protocol group of 
the information. 

nslookup set d2 Turns the verbose debugging mode on or off. 

nslookup set debug Turns off debugging mode completely. 

nslookup set domain Changes the default Domain Name System (DNS) domain 
name to the specified name. 

nslookup set port Changes the default TCP/UDP Domain Name System (DNS) 
name server port to the specified value. 

nslookup set querytype Changes the resource record type for the query. 

nslookup set recurse Tells the Domain Name System (DNS) name server to query 
other servers if it doesn't find any information. 

nslookup set retry Sets the number of retries. 

nslookup set root Changes the name of the root server used for queries. 

nslookup set search Appends the Domain Name System (DNS) domain names in 
the DNS domain search list to the request until an answer is 
received. 

nslookup set srchlist Changes the default Domain Name System (DNS) domain 
name and search list. 

nslookup set timeout Changes the initial number of seconds to wait for a reply to a 


lookup request. 


PARAMETER 
nslookup set type 


nslookup set vc 


Additional References 


e Command-Line Syntax Key 


DESCRIPTION 


Changes the resource record type for the query. 


Specifies whether to use a virtual circuit when sending 
requests to the server. 


nslookup set all 


11/2/2020 * 2 minutes to read * Edit Online 





Outputs the current configuration setting values, including the default server and computer (the host). 

















Syntax 
set all 
Parameters 
PARAMETER DESCRIPTION 
R Displays help at the command prompt. 
/help Displays help at the command prompt. 


Additional References 


e Command-Line Syntax Key 


nslookup set class 
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Changes the query class. The class specifies the protocol group of the information. 


Syntax 


set class=<class> 


Parameters 
PARAMETER DESCRIPTION 
«class> The valid values include: 
e IN: Specifies the Internet class. This is the default 
value. 
e CHAOS: Specifies the Chaos class. 
e HESIOD: Specifies the MIT Athena Hesiod class. 
e ANY: Specifies to use any of the previously listed 
values. 
/? Displays help at the command prompt. 
/help Displays help at the command prompt. 


Additional References 


e Command-Line Syntax Key 


nslookup set d2 
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Turns the verbose debugging mode on or off. All fields of every packet are printed. 


Syntax 




















set [no]d2 
Parameters 
PARAMETER DESCRIPTION 
nod2 Turns off the verbose debugging mode. This is the default 
value. 

d2 Turns on the verbose debugging mode. 

/? Displays help at the command prompt. 

/help Displays help at the command prompt. 


Additional References 


e Command-Line Syntax Key 


nslookup set debug 
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Turns debugging mode on or off. 


Syntax 


set [no]debug 


Parameters 

PARAMETER DESCRIPTION 

nodebug Turns off debugging mode. This is the default value. 

debug Turns on debugging mode. By turning debugging mode on, 
you can view more information about the packet sent to the 
server and the resulting answer. 

/ Displays help at the command prompt. 

/help Displays help at the command prompt. 


Additional References 


e Command-Line Syntax Key 


nslookup set domain 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Changes the default Domain Name System (DNS) domain name to the specified name. 


Syntax 


set domain=<domainname> 


Parameters 
PARAMETER DESCRIPTION 
<domainname> Specifies a new name for the default DNS domain name. The 
default value is the name of the host. 
/? Displays help at the command prompt. 
/help Displays help at the command prompt. 
Remarks 


e The default DNS domain name is appended to a lookup request depending on the state of the defname 
and search options. 


e The DNS domain search list contains the parents of the default DNS domain if it has at least two 
components in its name. For example, if the default DNS domain is mfg.widgets.com, the search list is 
named both mfg.widgets.com and widgets.com. 


e Use the nslookup set srchlist command to specify a different list and the nslookup set all command to 


display the list. 


Additional References 
e Command-Line Syntax Key 
e nslookup set srchlist 


e nslookup set all 


nslookup set port 
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Changes the default TCP/UDP Domain Name System (DNS) name server port to the specified value. 


Syntax 





set port=<port> 


























Parameters 
PARAMETER DESCRIPTION 
<port> Specifies the new value for the default TCP/UDP DNS name 
server port. The default port is 53. 
R Displays help at the command prompt. 
/help Displays help at the command prompt. 


Additional References 


e Command-Line Syntax Key 


nslookup set querytype 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 


Changes the resource record type for the query. For information about resource record types, see Request for 


Comment (Rfc) 1035. 


NOTE 


This command is the same as the nslookup set type command. 


Syntax 


set querytype=<resourcerecordtype> 


Parameters 





PARAMETER DESCRIPTION 


<resourcerecordtype> Specifies a DNS resource record type. The default resource 
record type is A, but you can use any of the following values: 


A: Specifies a computer's IP address. 

ANY: Specifies a computer's IP address. 

CNAME: Specifies a canonical name for an alias. 
GID Specifies a group identifier of a group name. 
HINFO: Specifies a computer's CPU and type of 
operating system. 

MB: Specifies a mailbox domain name. 

MG: Specifies a mail group member. 

MINFO: Specifies mailbox or mail list information. 
MR: Specifies the mail rename domain name. 

MX: Specifies the mail exchanger. 

NS: Specifies a DNS name server for the named zone. 
PTR: Specifies a computer name if the query is an IP 
address; otherwise, specifies the pointer to other 
information. 

SOA: Specifies the start-of-authority for a DNS zone. 
TXT: Specifies the text information. 

UID: Specifies the user identifier. 

UINFO: Specifies the user information. 

WKS: Describes a well-known service. 


/? Displays help at the command prompt. 


/help Displays help at the command prompt. 


Additional References 


e Command-Line Syntax Key 


e nslookup set type 


nslookup set recurse 
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Tells the Domain Name System (DNS) name server to query other servers if it can't find the information on the 
specified server. 


Syntax 


set [no]recurse 


Parameters 

PARAMETER DESCRIPTION 

norecurse Stops the Domain Name System (DNS) name server from 
querying other servers if it can't find the information on the 
specified server. 

recurse Tells the Domain Name System (DNS) name server to query 
other servers if it can't find the information on the specified 
server. This is the default value. 

/? Displays help at the command prompt. 

/help Displays help at the command prompt. 


Additional References 


e Command-Line Syntax Key 


nslookup set retry 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


If a reply isn't received within a certain amount of time, the time-out period is doubled, and the request is resent. 
This command sets the number of times a request is resent to a server for information, before giving up. 


NOTE 


To change the length of time before the request times out, use the nslookup set timeout command. 





Syntax 


set retry=<number> 


Parameters 
PARAMETER DESCRIPTION 
<number> Specifies the new value for the number of retries. The default 
number of retries is 4. 
/? Displays help at the command prompt. 
/help Displays help at the command prompt. 


Additional References 
e Command-Line Syntax Key 


e nslookup set timeout 


nslookup set root 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 


Changes the name of the root server used for queries. 





NOTE 


This command supports the nslookup root command. 








Syntax 


set root=<rootserver> 
Parameters 
PARAMETER 


<rootserver> 


R 


/help 


Additional References 


e Command-Line Syntax Key 


e nslookup root 


DESCRIPTION 


Specifies the new name for the root server. The default value 
is ns.nic.ddn.mil. 


Displays help at the command prompt. 


Displays help at the command prompt. 


nslookup set search 
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Appends the Domain Name System (DNS) domain names in the DNS domain search list to the request until an 


answer is received. This applies when the set and the lookup request contain at least one period, but do not end 
with a trailing period. 


Syntax 


set [no]search 


Parameters 

PARAMETER DESCRIPTION 

nosearch Stops appending the Domain Name System (DNS) domain 
names in the DNS domain search list for the request. 

search Appends the Domain Name System (DNS) domain names in 
the DNS domain search list for the request until an answer is 
received. This is the default value. 

/? Displays help at the command prompt. 

/help Displays help at the command prompt. 


Additional References 


e Command-Line Syntax Key 


nslookup set srchlist 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Changes the default Domain Name System (DNS) domain name and search list. This command overrides the 
default DNS domain name and search list of the nslookup set domain command. 


Syntax 


set srchlist=<domainname>[/...] 


Parameters 
PARAMETER DESCRIPTION 
<domainname> Specifies new names for the default DNS domain and search 
list. The default domain name value is based on the host 
name. You can specify a maximum of six names separated by 
slashes (/). 
/? Displays help at the command prompt. 
/help Displays help at the command prompt. 
Remarks 


e Use the nslookup set all command to display the list. 


Examples 


To set the DNS domain to mfg.widgets.com and the search list to the three names: 


set srchlist=mfg.widgets.com/mrp2.widgets.com/widgets.com 


Additional References 


e Command-Line Syntax Key 
e nslookup set domain 


e nslookup set all 


nslookup set timeout 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 


Changes the initial number of seconds to wait for a reply to a lookup request. If a reply isn't received within the 
specified amount of time, the time-out period is doubled, and the request is resent. Use the nslookup set retry 
command to determine the number of times to try to send the request. 


Syntax 


set timeout=<number> 


Parameters 


PARAMETER 


<number> 


n 
/help 


Examples 


To set the timeout for getting a response to 2 seconds: 


set timeout=2 


Additional References 


e Command-Line Syntax Key 


e nslookup set retry 


DESCRIPTION 


Specifies the number of seconds to wait for a reply. The 
default number of seconds to wait is 5. 


Displays help at the command prompt. 


Displays help at the command prompt. 


nslookup set type 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 


Changes the resource record type for the query. For information about resource record types, see Request for 


Comment (Rfc) 1035. 


NOTE 


This command is the same as the nslookup set querytype command. 


Syntax 


set type=<resourcerecordtype> 


Parameters 





PARAMETER DESCRIPTION 


<resourcerecordtype> Specifies a DNS resource record type. The default resource 
record type is A, but you can use any of the following values: 


A: Specifies a computer's IP address. 

ANY: Specifies a computer's IP address. 

CNAME: Specifies a canonical name for an alias. 
GID Specifies a group identifier of a group name. 
HINFO: Specifies a computer's CPU and type of 
operating system. 

MB: Specifies a mailbox domain name. 

MG: Specifies a mail group member. 

MINFO: Specifies mailbox or mail list information. 
MR: Specifies the mail rename domain name. 

Mx: Specifies the mail exchanger. 

NS: Specifies a DNS name server for the named zone. 
PTR: Specifies a computer name if the query is an IP 
address; otherwise, specifies the pointer to other 
information. 

SOA: Specifies the start-of-authority for a DNS zone. 
TXT: Specifies the text information. 

UID: Specifies the user identifier. 

UINFO: Specifies the user information. 

WKS: Describes a well-known service. 


/ Displays help at the command prompt. 


/help Displays help at the command prompt. 


Additional References 


e Command-Line Syntax Key 


e nslookup set type 


nslookup set vc 
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Specifies whether to use a virtual circuit when sending requests to the server. 


Syntax 


set [no]vc 


Parameters 

PARAMETER DESCRIPTION 

novc Specifies to never use a virtual circuit when sending requests 
to the server. This is the default value. 

vc Specifies to always use a virtual circuit when sending requests 
to the server. 

/ Displays help at the command prompt. 

/help Displays help at the command prompt. 


Additional References 


e Command-Line Syntax Key 


nslookup view 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Sorts and lists the output of the previous Is commands or subcommands. 


Syntax 


view <filename> 


Parameters 
PARAMETER DESCRIPTION 
<filename> Specifies the name of the file containing output from the 
previous Is commands or subcommands. 
/? Displays help at the command prompt. 
/help Displays help at the command prompt. 


Additional References 
e Command-Line Syntax Key 


e nslookup Is 


ntbackup 
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Backs up and restores your computer and files from a command prompt. This command has been replaced by the 
wbadmin command. 





Additional References 


e Command-Line Syntax Key 


e wbadmin 


ntcmdprompt 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Runs the command interpreter Cmd.exe, rather than Command.com, after running a Terminate and Stay 
Resident (TSR) or after starting the command prompt from within an MS-DOS application. 


Syntax 


ntcmdprompt 
Parameters 
PARAMETER DESCRIPTION 
/? Displays help at the command prompt. 
Remarks 


e When Command.com is running, some features of Cmd.exe, such as the doskey display of command history, 
aren't available. If you would prefer to run the Cmd.exe command interpreter after you've started a Terminate 
and Stay Resident (TSR) or started the command prompt from within an application based on MS-DOS, you can 
use the ntcmdprompt command. However, keep in mind that the TSR may not be available for use when you 
are running Cmd.exe. You can include the ntcmdprompt command in your Config.nt file or the equivalent 
custom startup file in an application's program information file (Pif). 


Additional References 


e Command-Line Syntax Key 


ntfrsutl 


11/2/2020 * 2 minutes to read ° Edit Online 





Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Dumps the internal tables, thread, and memory information for the NT File Replication Service (NTFRS) from both 
the local and remote servers. The recovery setting for NTFRS in Service Control Manager (SCM) can be critical to 

locating and keeping important log events on the computer. This tool provides a convenient method of reviewing 
those settings. 


Syntax 


ntfrsutl[idtable|configtable|inlog|outlog][<computer>] 
ntfrsutl[memory|threads|stage][<computer>] 

ntfrsutl ds[<computer>] 

ntfrsutl [sets] [<computer>] 

ntfrsutl [version][<computer>] 

ntfrsutl poll[/quickly[=[<n>]]][/slowly[=[<n>]]][/now][<computer>] 


Parameters 
PARAMETER DESCRIPTION 
idtable Specifies the ID table. 
configtable Specifies the FRS configuration table. 
inlog Specifies the inbound log. 
outlog Specifies the outbound log. 
<computer> Specifies the computer. 
memory Specifies the memory usage. 
threads Specifies the memory usage. 
stage Specifies the memory usage. 
ds Lists the NTFRS service's view of the DS. 
sets Specifies the active replica sets. 


version Specifies the API and NTFRS service versions. 


PARAMETER DESCRIPTION 


poll Specifies the current polling intervals. 

e /quickly - Polls quickly until it retrieves a stable 
configuration. 

e = /quickly= - Polls quickly every default number of 
minutes. 

@ /quickly=<n> - Polls quickly every n minutes. 

& /slowly - Polls slowly until it retrieves a stable 
configuration. 

e /slowly= - Polls slowly every default number of 
minutes. 


@ /slowly=<n> - Polls slowly every n minutes. 


/now - Polls now. 


i Displays help at the command prompt. 


Examples 


To determine the polling interval for file replication, type: 
C:\Program Files\SupportTools>ntfrsutl poll wrkstn-1 

To determine the current NTFRS application program interface (API) version, type: 
C:\Program Files\SupportTools>ntfrsutl version 


Additional References 


e Command-Line Syntax Key 


offline 
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Takes an online disk or volume to the offline state. 


Syntax 





offline disk 
offline volume 











Parameters 
PARAMETER DESCRIPTION 
offline disk Takes the online disk with focus to the offline state. 
offline volume Takes the online volume with focus to the offline state. 


Additional References 


e Command-Line Syntax Key 


offline disk 
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Takes the online disk with focus to the offline state. If a dynamic disk in a disk group is taken offline, the status of 
the disk changes to missing and the group shows a disk that's offline. The missing disk is moved to the invalid 
group. If the dynamic disk is the last disk in the group, then the status of the disk changes to offline, and the 
empty group is removed. 


NOTE 


A disk must be selected for the offline disk command to succeed. Use the select disk command to select a disk and shift 
the focus to it. 


This command also works on disks in SAN online mode by changing the SAN mode to offline. 





Syntax 


offline disk [noerr] 


Parameters 
PARAMETER DESCRIPTION 
noerr For scripting only. When an error is encountered, DiskPart 
continues to process commands as if the error did not occur. 
Without this parameter, an error causes DiskPart to exit with 
an error code. 
Examples 


To take the disk with focus offline, type: 


offline disk 


Additional References 


e Command-Line Syntax Key 


offline volume 
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Takes the online volume with focus to the offline state. 





NOTE 


A volume must be selected for the offline volume command to succeed. Use the select volume command to select a disk 
and shift the focus to it. 








Syntax 


offline volume [noerr] 


Parameters 
PARAMETER DESCRIPTION 
noerr For scripting only. When an error is encountered, DiskPart 
continues to process commands as if the error did not occur. 
Without this parameter, an error causes DiskPart to exit with 
an error code. 
Examples 


To take the disk with focus offline, type: 


offline volume 


Additional References 


e Command-Line Syntax Key 


online 
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Takes an offline disk or volume to the online state. 


Syntax 





online disk 
online volume 











Parameters 
PARAMETER DESCRIPTION 
online disk Takes the offline disk with focus to the online state. 
online volume Takes the offline volume with focus to the online state. 


Additional References 


e Command-Line Syntax Key 


online disk 
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Takes the offline disk to the online state. For basic disks, this command attempts to bring online the selected disk 
and all volumes on that disk. For dynamic disks, this command attempts to bring online all disks that are not 
marked as foreign on the local computer. It also attempts to bring online all volumes on the set of dynamic disks. 


If a dynamic disk in a disk group is brought online and it's the only disk in the group, then the original group is 
recreated and the disk is moved to that group. If there are other disks in the group and they're online, then the disk 
is simply added back into the group. If the group of a selected disk contains mirrored or RAID-5 volumes, this 
command also resynchronizes these volumes. 


NOTE 


A disk must be selected for the online disk command to succeed. Use the select disk command to select a disk and shift the 


focus to it. 





IMPORTANT 


This command will fails if it's used on a read-only disk. 





Syntax 


online disk [noerr] 


Parameters 
For instructions about using this command, see Reactivate a Missing or Offline Dynamic Disk. 


PARAMETER DESCRIPTION 


noerr For scripting only. When an error is encountered, DiskPart 
continues to process commands as if the error did not occur. 
Without this parameter, an error causes DiskPart to exit with 
an error code. 


Examples 


To take the disk with focus online, type: 


online disk 


Additional References 


e Command-Line Syntax Key 


online volume 
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Takes the offline volume to the online state. This command works on volumes that have failed, are failing, or are in 
failed redundancy state. 


NOTE 


A volume must be selected for the online volume command to succeed. Use the select volume command to select a 
volume and shift the focus to it. 








IMPORTANT 


This command will fails if it's used on a read-only disk. 








Syntax 


online volume [noerr] 


Parameters 
PARAMETER DESCRIPTION 
noerr For scripting only. When an error is encountered, DiskPart 
continues to process commands as if the error did not occur. 
Without this parameter, an error causes DiskPart to exit with 
an error code. 
Examples 


To take the volume with focus online, type: 


online volume 


Additional References 


e Command-Line Syntax Key 


opentfiles 
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Enables an administrator to query, display, or disconnect files and directories that have been opened on a system. 


This command also enables or disables the system Maintain Objects List global flag. 


openfiles /disconnect 


Enables an administrator to disconnect files and folders that have been opened remotely through a shared folder. 


Syntax 


openfiles /disconnect [/s <system> [/u [<domain>\]<username> [/p [<password>]]]] {[/id <openfileID>] | [/a 
<accessedby>] | [/o {read | write | read/write}]} [/op <openfile>] 


Parameters 


PARAMETER 


/S <system> 


/u [<domain>\]<username> 


/p [<password>] 


/id <openfileID> 


/a <accessedby> 


/o {read | write | read/write} 


/op <openfile> 


P 


Examples 


DESCRIPTION 


Specifies the remote system to connect to (by name or IP 
address). Don't use backslashes. If you don't use the /s option, 
the command is run on the local computer by default. This 
parameter applies to all files and folders that are specified in 
the command. 


Runs the command using the permissions of the specified user 
account. If you don't use the /u option, system permissions 
are used by default. 


Specifies the password of the user account that is specified in 
the /u option. If you don't use the /p option, a password 
prompt appears when the command is run. 


Disconnects open files by the specified file ID. You can use the 
wildcard character (*) with this parameter. 


Note: You can use the openfiles /query command to 
find the file ID. 


Disconnects all open files associated with the user name 
specified in the accessedby parameter. You can use the 
wildcard character (*) with this parameter. 


Disconnects all open files with the specified open mode value. 
Valid values are Read, Write, or Read/Write. You can use the 
wildcard character (*) with this parameter. 


Disconnects all open file connections that are created by a 
specific open file name. You can use the wildcard character (*) 
with this parameter. 


Displays help at the command prompt. 


To disconnect all open files with the file /D 26843578, type: 
openfiles /disconnect /id 26843578 
To disconnect all open files and directories accessed by the user hirop!n, type: 
openfiles /disconnect /a hiropln 
To disconnect all open files and directories with read/write mode type: 
openfiles /disconnect /o read/write 
To disconnect the directory with the open file name *C:\testshare*, regardless of who is accessing it, type: 
openfiles /disconnect /a * /op c:\testshare\ 


To disconnect all open files on the remote computer srvmain that are being accessed by the user hirop!n, 


regardless of their ID, type: 


openfiles /disconnect /s srvmain /u maindom\hiropln /id * 


openfiles /query 
Queries and displays all open files. 


Syntax 


openfiles /query [/s <system> [/u [<domain>\]<username> [/p [<password>]]]] [/fo {TABLE | LIST | CSV}] [/nh] 
[/v] 


Parameters 

PARAMETER DESCRIPTION 

/S <system> Specifies the remote system to connect to (by name or IP 
address). Don't use backslashes. If you don't use the /s option, 
the command is run on the local computer by default. This 
parameter applies to all files and folders that are specified in 
the command. 

/U [<domain>V]<username> Runs the command using the permissions of the specified user 
account. If you don't use the /u option, system permissions 
are used by default. 

/p [<password>] Specifies the password of the user account that is specified in 


the /u option. If you don't use the /p option, a password 
prompt appears when the command is run. 


PARAMETER DESCRIPTION 


[/fo (TABLE | LIST | CSV) ] Displays the output in the specified format. Valid values 
include: 
e TABLE - Displays output in a table. 
e LIST - Displays output in a list. 
e CSV - Displays output in Comma Separated Values 
(CSV) format. 


/nh Suppresses column headers in the output. Valid only when the 
/fo parameter is set to TABLE or CSV. 


N Specifies that detailed (verbose) information be displayed in 
the output. 
/? Displays help at the command prompt. 
Examples 


To query and display all open files, type: 


openfiles /query 


To query and display all open files in table format without headers, type: 


openfiles /query /fo table /nh 


To query and display all open files in list format with detailed information, type: 


openfiles /query /fo list /v 


To query and display all open files on the remote system srvmain by using the credentials for the user A/rop/n on 
the maindom domain, type: 


openfiles /query /s srvmain /u maindom\hiropln /p p@ssW23 





NOTE 


In this example, the password is supplied on the command line. To prevent displaying the password, leave out the /p option. 


You'll be prompted for the password, which won't be echoed to the screen. 





openfiles /local 


Enables or disables the system Maintain Objects List global flag. If used without parameters, openfiles /local 
displays the current status of the Maintain Objects List global flag. 





NOTE 


Changes made by using the on or off option don't take effect until you restart the system. Enabling the Maintain Objects 
List global flag might slow down your system. 





Syntax 


openfiles /local [on | off] 


Parameters 
PARAMETER DESCRIPTION 
[on | off] Enables or disables the system Maintain Objects List global 
flag, which tracks local file handles. 
/ Displays help at the command prompt. 
Examples 


To check the current status of the Maintain Objects List global flag, type: 
openfiles /local 


By default, the Maintain Objects List global flag is disabled, and the following message appears, 
INFO: The system global flag ‘maintain objects list' is currently disabled. 


To enable the Maintain Objects List global flag, type: 
openfiles /local on 


The following message appears when the global flag is enabled, 


SUCCESS: The system global flag ‘maintain objects list' is enabled. This will take effect after the system is 
restarted. 


To disable the Maintain Objects List global flag, type: 


openfiles /local off 


Additional References 


e Command-Line Syntax Key 


pagefileconfig 
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Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 
2003 with SP2 





IMPORTANT 


This command has been deprecated. 





Enables an administrator to display and configure a system's paging file Virtual Memory settings. For descriptions 
and usage information, see pagefileconfig. 


Additional References 


e Command-Line Syntax Key 


path 


11/2/2020 * 2 minutes to read * Edit Online 





Sets the command path in the PATH environment variable, specifying the set of directories used to search for 


executable (.exe) files. If used without parameters, this command displays the current command path. 


Syntax 


path [[<drive>:]<path>[;...][5%PATH%]] 


path ; 
Parameters 

PARAMETER DESCRIPTION 

[<drive>:]<path> Specifies the drive and directory to set in the command path. 
The current directory is always searched before the directories 
specified in the command path. 

; Separates directories in the command path. If used without 
other parameters, ; clears the existing command paths from 
the PATH environment variable and directs Cmd.exe to search 
only in the current directory. 

%PATH% Appends the command path to the existing set of directories 
listed in the PATH environment variable. If you include this 
parameter, Cmd.exe replaces it with the command path values 
found in the PATH environment variable, eliminating the need 
to manually enter these values at the command prompt. 

/? Displays help at the command prompt. 

Remarks 
e The Windows operating system searches using default file name extensions in the following order of 
precedence: .exe, .com, .bat, and .cmd. Which means if you're looking for a batch file named, acct.bat, but 

have an app named acct.exe in the same directory, you must include the .bat extension at the command 

prompt. 

e If two or more files in the command path have the same file name and extension, this command first 

searches for the specified file name in the current directory. Then, it searches the directories in the command 

path in the order that they're listed in the PATH environment variable. 

e If you place the path command in your Autoexec.nt file, the Windows operating system automatically 

appends the specified MS-DOS subsystem search path every time you log on to your computer. Cmd.exe 

does not use the Autoexec.nt file. When started from a shortcut, Cmd.exe inherits the environment variables 

set in My Computer/Properties/Advanced/Environment. 

Examples 


To search the paths c:\user\taxes, b:\user\invest and b:|bin for external commands, type: 


path c:\user\taxes;b: \user\invest;b:\bin 


Additional References 


e Command-Line Syntax Key 


pathping 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Provides information about network latency and network loss at intermediate hops between a source and 
destination. This command sends multiple echo Request messages to each router between a source and 
destination, over a period of time, and then computes results based on the packets returned from each router. 
Because this command displays the degree of packet loss at any given router or link, you can determine which 
routers or subnets might be having network problems. Used without parameters, this command displays help. 





NOTE 


This command is available only if the Internet Protocol (TCP/IP) protocol is installed as a component in the properties of a 
network adapter in Network Connections. 


Additionally, this command identifies which routers are on the path, same as using the tracert command. Howevever, this 
command also sends pings periodically to all of the routers over a specified time period and computes statistics based on the 
number returned from each. 





Syntax 


pathping [/n] [/h <maximumhops>] [/g <hostlist>] [/p <Period>] [/q <numqueries> [/w <timeout>] [/i 
<IPaddress>] [/4 <IPv4>] [/6 <IPv6>][<targetname>] 


Parameters 

PARAMETER DESCRIPTION 

/n Prevents pathping from attempting to resolve the IP 
addresses of intermediate routers to their names. This might 
expedite the display of pathping results. 

/h <maximumhops> Specifies the maximum number of hops in the path to search 
for the target (destination). The default is 30 hops. 

/g <hostlist> Specifies that the echo Request messages use the Loose 


Source Route option in the IP header with the set of 
intermediate destinations specified in Aostlist. With loose 
source routing, successive intermediate destinations can be 
separated by one or multiple routers. The maximum number 
of addresses or names in the host list is 9. The hostlist is a 
series of IP addresses (in dotted decimal notation) separated 
by spaces. 


PARAMETER 


/P <period> 


/q <numqueries> 


/W <timeout> 


/i <IPaddress> 


/4 <IPv4> 


/6 <IPv6> 


<targetname> 


P? 


Remarks 


e All parameters are case-sensitive. 


DESCRIPTION 


Specifies the number of milliseconds to wait between 
consecutive pings. The default is 250 milliseconds (1/4 
second). This parameter sends individual pings to each 
intermediate hop. Because of this, the interval between two 
pings sent to the same hop is period multiplied by the 
number of hops. 


Specifies the number of echo Request messages sent to each 
router in the path. The default is 100 queries. 


Specifies the number of milliseconds to wait for each reply. The 
default is 3000 milliseconds (3 seconds). This parameter sends 
multiple pings in parallel. Because of this, the amount of time 
specified in the timeout parameter isn't bounded by the 
amount of time specified in the period parameter for waiting 
between pings. 


Specifies the source address. 


Specifies that pathping uses IPv4 only. 


Specifies that pathping uses IPVv6 only. 


Specifies the destination, which is identified either by IP 
address or host name. 


Displays help at the command prompt. 


e To avoid network congestion and to minimize the effects of burst losses, pings should be sent at a 


sufficiently slow pace. 


Example of the pathping command output 


D:\>pathping /n contoso1 
Tracing route to contosol [10.54.1.196] 
over a maximum of 30 hops: 

0 1172.16.87235 

1 172.16.87.218 

2. 192.168.52.1 

3 192.168.80.1 

4 10.54.247.14 

5 10.54.1.196 
computing statistics for 125 seconds... 

Source to Here This Node/Link 

Hop RTT Lost/Sent = Pct Lost/Sent = Pct address 


o 172.16.87.35 
Ə/ 100 = Ə% | 

1 —41ms @/ 100 = Ə% @/ 10@ = Ə% 172.16.87.218 
13/ 100 = 13% | 

2 22ms —16/ 100 = 16% 3/ 100 = 3% 192.168.52.1 
Ə/ 100 = Ə% | 

3 24ms 13/ 100 = 13% @/ 10@ = Ə% 192.168.80.1 
Ə/ 100 = Ə% | 

4 21ms 14/ 100 = 14% 1/ 100 = 1% 10.54.247.14 
Ə/ 100 = Ə% | 

5 24ms 13/ 100 = 13% @/ 10@ = Ə% 10.54.1.196 


Trace complete. 


When pathping is run, the first results list the path. Next, a busy message is displayed for approximately 90 
seconds (the time varies by hop count). During this time, information is gathered from all routers previously listed 
and from the links between them. At the end of this period, the test results are displayed. 


In the above sample report, the This Node/Link, Lost/Sent = Pct and address columns show that the link 
between 172.16.87.218 and 192.168.52.1 is dropping 13% of the packets. The routers at hops 2 and 4 are also 
dropping packets addressed to them, but this loss doesn't affect their ability to forward traffic that isn't addressed 
to them. 


The loss rates displayed for the links, identified as a vertical bar (|) in the address column, indicate link congestion 
that is causing the loss of packets that are being forwarded on the path. The loss rates displayed for routers 
(identified by their IP addresses) indicate that these routers might be overloaded. 


Additional References 


e Command-Line Syntax Key 


e tracert command 


pause 
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Suspends the processing of a batch program, displaying the prompt, Press any key to continue . . . 


Syntax 


pause 
Parameters 

PARAMETER DESCRIPTION 

P Displays help at the command prompt. 
Remarks 


e If you press CTRL+C to stop a batch program, the following message appears, Terminate batch job (Y/N)? . 
If you press Y (for yes) in response to this message, the batch program ends and control returns to the 
operating system. 


e You can insert the pause command before a section of the batch file that you might not want to process. 
When pause suspends processing of the batch program, you can press CTRL+C and then press Y to stop 
the batch program. 


Examples 


To create a batch program that prompts the user to change disks in one of the drives, type: 


@echo off 

:Begin 

copy as*.* 

echo Put a new disk into Drive A 
pause 

goto begin 


In this example, all the files on the disk in Drive A are copied to the current directory. After the message prompts 
you to put a new disk in Drive A, the pause command suspends processing so that you can change disks and then 
press any key to resume processing. This batch program runs in an endless loop—the goto begin command 
sends the command interpreter to the Begin label of the batch file. 


Additional References 


e Command-Line Syntax Key 


pbadmin 
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Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 
2003 with SP2 





IMPORTANT 


This command has been deprecated. 





Administers phone books. Used without parameters, pbadmin starts Phone Book Administrator. For descriptions 
and usage information, see pbadmin. 


Additional References 


e Command-Line Syntax Key 


pentnt 
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Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 
2003 with SP2 





IMPORTANT 


This command has been deprecated. 





Detects floating point division error (if present) in the Pentium chip, disables floating point hardware, and turns on 
floating point emulation. For descriptions and usage information, see pentnt. 


Additional References 


e Command-Line Syntax Key 


perfmon 
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Start Windows Reliability and Performance Monitor in a specific standalone mode. 


Syntax 





perfmon </res|report|rel|sys> 

















Parameters 
PARAMETER DESCRIPTION 
/res Starts the Resource View. 
/report Starts the System Diagnostics Data Collector Set and displays 
a report of the results. 
/rel Starts the Reliability Monitor. 
/sys Starts the Performance Monitor. 


Additional References 
e Command-Line Syntax Key 


e Windows Performance Monitor 


ping 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Verifies IP-level connectivity to another TCP/IP computer by sending Internet Control Message Protocol (ICMP) 
echo Request messages. The receipt of corresponding echo Reply messages are displayed, along with round-trip 
times. ping is the primary TCP/IP command used to troubleshoot connectivity, reachability, and name resolution. 
Used without parameters, this command displays Help content. 


You can also use this command to test both the computer name and the IP address of the computer. If pinging the 
IP address is successful, but pinging the computer name isn't, you might have a name resolution problem. In this 
case, make sure the computer name you are specifying can be resolved through the local Hosts file, by using 
Domain Name System (DNS) queries, or through NetBIOS name resolution techniques. 





NOTE 


This command is available only if the Internet Protocol (TCP/IP) is installed as a component in the properties of a network 
adapter in Network Connections. 





Syntax 


ping [/t] [/a] [/n <count>] [/1 <size>] [/f] [/I <TTL>] [/v <TOS>] [/r <count>] [/s <count>] [{/j <hostlist> | 
/k <hostlist>}] [/w <timeout>] [/R] [/S <Srcaddr>] [/4] [/6] <targetname> 


Parameters 

PARAMETER DESCRIPTION 

/t Specifies ping continue sending echo Request messages to the 
destination until interrupted. To interrupt and display statistics, 
press CTRL+ENTER. To interrupt and quit this command, press 
CTRL+C. 

/a Specifies reverse name resolution be performed on the 
destination IP address. If this is successful, ping displays the 
corresponding host name. 

/n <count> Specifies the number of echo Request messages be sent. The 
default is 4. 

/| <size> Specifies the length, in bytes, of the Data field in the echo 


Request messages. The default is 32. The maximum size is 
65,527. 


PARAMETER 


/f 


/\ <TTL> 


IV. <TOS> 


/r <count> 


/S <count> 


/j <hostlist> 


/k <hostlist> 


/W <timeout> 


/R 


/S <Srcaddr> 


DESCRIPTION 


Specifies that echo Request messages are sent with the Do 
not Fragment flag in the IP header set to 1 (available on 
IPv4 only). The echo Request message can't be fragmented by 
routers in the path to the destination. This parameter is useful 
for troubleshooting path Maximum Transmission Unit (PMTU) 
problems. 


Specifies the value of the Time To Live (TTL) field in the IP 
header for echo Request messages sent. The default is the 
default TTL value for the host. The maximum 77Z is 255. 


Specifies the value of the Type Of Service (TOS) field in the IP 
header for echo Request messages sent (available on IPv4 
only). The default is 0. TOS'is specified as a decimal value from 
0 through 255. 


Specifies the Record Route option in the IP header is used to 
record the path taken by the echo Request message and 
corresponding echo Reply message (available on IPv4 only). 
Each hop in the path uses an entry in the Record Route 
option. If possible, specify a count equal to or greater than the 
number of hops between the source and destination. The 
count must be a minimum of 1 and a maximum of 9. 


Specifies that the Internet timestamp option in the IP 
header is used to record the time of arrival for the echo 
Request message and corresponding echo Reply message for 
each hop. The count must be a minimum of 1 and a maximum 
of 4. This is required for link-local destination addresses. 


Specifies the echo Request messages use the Loose Source 
Route option in the IP header with the set of intermediate 
destinations specified in hostlist (available on IPv4 only). With 
loose source routing, successive intermediate destinations can 
be separated by one or multiple routers. The maximum 
number of addresses or names in the host list is 9. The host 
list is a series of IP addresses (in dotted decimal notation) 
separated by spaces. 


Specifies the echo Request messages use the Strict Source 
Route option in the IP header with the set of intermediate 
destinations specified in hostlist (available on IPv4 only). With 
strict source routing, the next intermediate destination must 
be directly reachable (it must be a neighbor on an interface of 
the router). The maximum number of addresses or names in 
the host list is 9. The host list is a series of IP addresses (in 
dotted decimal notation) separated by spaces. 


Specifies the amount of time, in milliseconds, to wait for the 
echo Reply message corresponding to a given echo Request 
message. If the echo Reply message is not received within the 
time-out, the "Request timed out" error message is displayed. 
The default time-out is 4000 (4 seconds). 


Specifies the round-trip path is traced (available on IPv6 only). 


Specifies the source address to use (available on IPv6 only). 


PARAMETER 


/4 


/6 


<targetname> 


L 


Example of the ping command output 


C:\>ping example.microsoft.com 
pinging example.microsoft.com [192.168.239.132] 


Reply from 
Reply from 
Reply from 
Reply from 


Examples 


192.168.239.132: bytes=32 time=101ms 
192.168.239.132: bytes=32 time=100ms 
192.168.239.132: bytes=32 time=120ms 
192.168.239.132: bytes=32 time=120ms 


DESCRIPTION 


Specifies IPv4 used to ping. This parameter is not required to 
identify the target host with an IPv4 address. It is only 
required to identify the target host by name. 


Specifies IPv6 used to ping. This parameter is not required to 
identify the target host with an IPv6 address. It is only 
required to identify the target host by name. 


Specifies the host name or IP address of the destination. 


Displays help at the command prompt. 


with 32 bytes of data: 
TTL=124 
TTL=124 
TTL=124 
TTL=124 


To ping the destination 10.0.99.221 and resolve 10.0.99.221 to its host name, type: 


ping /a 10.0.99.221 


To ping the destination 10.0.99.221 with 10 echo Request messages, each of which has a Data field of 1000 bytes, 


type: 


ping /n 10 /1 1000 10.0.99.221 


To ping the destination 10.0.99.221 and record the route for 4 hops, type: 


ping /r 4 10.0.99.221 


To ping the destination 10.0.99.221 and specify the loose source route of 10.12.0.1-10.29.3.1-10.1.44.1, type: 


ping /j 10.12.0.1 10.29.3.1 10.1.44.1 10.0.99.221 


Additional References 


e Command-Line Syntax Key 


pnpunattend 
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Audits a computer for device drivers, and perform unattended driver installations, or search for drivers without 
installing and, optionally, report the results to the command line. Use this command to specify the installation of 
specific drivers for specific hardware devices. 


Prerequisites 


Preliminary preparation is required for older versions of the Windows operating system. Prior to using this 
command, you must complete the following tasks: 


1. Create a directory for the drivers you want to install. For example, create a folder at C:\Drivers\Video for 
video adapter drivers. 


2. Download and extract the driver package for your device. Copy the contents of the subfolder that contains 
the INF file for your version of the operating system and any subfolders to the video folder that you created. 
For example, copy the video driver files to C:\Drivers\Video. 


3. Add a system environment path variable to the folder you created in step 1.For example, C:\Drivers\Video. 
4. Create the following registry key, and then for the DriverPaths key you create, set the Value Data to 1. 


5. For Windows®) 7 navigate the registry path: HKEY_LOCAL_Machine\Software\Microsoft\Windows 
NT\CurrentVersion\, and then create the keys: UnattendSettings\PnPUnattend\DriverPaths\ 


Syntax 


PnPUnattend.exe auditsystem [/help] [/?] [/h] [/s] [/1] 


Parameters 
PARAMETER DESCRIPTION 
auditsystem Specifies online driver install. 
Required, except when this command is run with either 
the /help or /? parameters. 
/s Optional. Specifies to search for drivers without installing. 
Å Optional. Specifies to display the log information for this 
command in the command prompt. 
/? | /help Optional. Displays help for this command at the command 
prompt. 
Examples 


To command shows how to use the PNPUnattend.exe to audit a computer for possible driver updates, and then 
report the findings to the command prompt, type: 


pnpunattend auditsystem /s /1 


Additional References 


e Command-Line Syntax Key 


pnputil 
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Pnputil.exe is a command line utility that you can use to manage the driver store. You can use this command to add 
driver packages, remove driver packages, and list driver packages that are in the store. 


Syntax 


pnputil.exe [-f | -i] [ -? | -a | -d | -e ] <INF name> 


Parameters 
PARAMETER DESCRIPTION 
-a Specifies to add the identified INF file. 
-d Specifies to delete the identified INF file. 
-e Specifies to enumerate all third-party INF files. 
-f Specifies to force the deletion of the identified INF file. Can't be 
used in conjunction with the -i parameter. 
-i Specifies to install the identified INF file. Can't be used in 
conjunction with the -f parameter. 
/? Displays help at the command prompt. 
Examples 


To add an INF file, named USBCAM.INF, type: 


pnputil.exe -a a:\usbcam\USBCAM. INF 


To add all INF files, located in c:\drivers, type: 


pnputil.exe -a c:\drivers\*.inf 


To add and install the USBCAM.INF driver, type: 


pnputil.exe -i -a a:\usbcam\USBCAM. INF 


To enumerate all third-party drivers, type: 


pnputil.exe -e 


To delete the INF file and driver named oem0.inf, type: 


pnputil.exe -d oem@.inf 


Additional References 
e Command-Line Syntax Key 


e popd command 


popd 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


The popd command changes the current directory to the directory that was most recently stored by the pushd 
command. 


Every time you use the pushd command, a single directory is stored for your use. However, you can store multiple 
directories by using the pushd command multiple times. The directories are stored sequentially in a virtual stack, 
so if you use the pushd command once, the directory in which you use the command is placed at the bottom of 
the stack. If you use the command again, the second directory is placed on top of the first one. The process repeats 
every time you use the pushd command. 


If you use the popd command, the directory on the top of the stack is removed and the current directory is 
changed to that directory. If you use the popd command again, the next directory on the stack is removed. If 
command extensions are enabled, the popd command removes any drive-letter assignations created by the 
pushd command. 


Syntax 


popd 
Parameters 
PARAMETER DESCRIPTION 
pP Displays help at the command prompt. 
Examples 


To change the current directory from the one in which the batch program was run, and then to change it back, 
type: 


@echo off 

rem This batch file deletes all .txt files in a specified directory 
pushd %1 

del * txt 

popd 

cls 

echo All text files deleted in the %1 directory 


Additional References 
e Command-Line Syntax Key 


e pushd 


PowerShell 
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Windows PowerShell is a task-based command-line shell and scripting language designed especially for system 
administration. Built on the .NET Framework, Windows PowerShell helps IT professionals and power users control 
and automate the administration of the Windows operating system and applications that run on Windows. 


Using PowerShell.exe 


The PowerShell.exe command-line tool starts a Windows PowerShell session in a Command Prompt window. 
When you use PowerShell.exe, you can use its optional parameters to customize the session. For example, you 
can start a session that uses a particular execution policy or one that excludes a Windows PowerShell profile. 
Otherwise, the session is the same as any session that is started in the Windows PowerShell console. 


e To start a Windows PowerShell session in a Command Prompt window, type PowerShell .A PS prefix is 
added to the command prompt to indicate that you are in a Windows PowerShell session. 


e To start a session with a particular execution policy, use the ExecutionPolicy parameter, and type: 


PowerShell.exe -ExecutionPolicy Restricted 


e To start a Windows PowerShell session without your Windows PowerShell profiles, use the NoProfile 
parameter, and type: 


PowerShell.exe -NoProfile 


e To start a session, use the ExecutionPolicy parameter, and type: 


PowerShell.exe -ExecutionPolicy Restricted 
e To see the PowerShell.exe help file, type: 


PowerShell.exe -help 
PowerShell.exe -? 
PowerShell.exe /? 


e@ To end a Windows PowerShell session in a Command Prompt window, type exit . The typical command 
prompt returns. 
Remarks 


e For acomplete list of the PowerShell.exe command-line parameters, see about_PowerShell.Exe. 
e For information about other ways to start Windows PowerShell, see Starting Windows PowerShell. 


e Windows PowerShell runs on the Server Core installation option of Windows Server operating systems. 
However, features that require a graphic user interface, such as the Windows PowerShell Integrated 
Scripting Environment (ISE), and the Out-GridView and Show-Command cmdlets, don't run on Server Core 
installations. 


Additional References 
e about PowerShell.Exe 
e about PowerShell Ise.exe 


e Windows PowerShell 


PowerShell ise 
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Windows PowerShell Integrated Scripting Environment (ISE) is a graphical host application that enables you to 
read, write, run, debug, and test scripts and modules in a graphic-assisted environment. Key features such as 
Intellisense, Show-Command, snippets, tab completion, syntax-coloring, visual debugging, and context-sensitive 
Help provide a rich scripting experience. 


Using PowerShell.exe 


The PowerShell ISE.exe tool starts a Windows PowerShell ISE session. When you use PowerShell ISE.exe, you 
can use its optional parameters to open files in Windows PowerShell ISE or to start a Windows PowerShell ISE 
session with no profile or with a multithreaded apartment. 


e To start a Windows PowerShell ISE session in a Command Prompt window, in Windows PowerShell, or at the 
Start menu, type: 


PowerShell_Ise.exe 


e To open a script (.ps1), script module (.9sm1), module manifest (.psd1), XML file, or any other supported file 
in Windows PowerShell ISE, type: 


PowerShell_Ise.exe <filepath> 


In Windows PowerShell 3.0, you can use the optional File parameter as follows: 


PowerShell_Ise.exe -file <filepath> 


e To start a Windows PowerShell ISE session without your Windows PowerShell profiles, use the NoProfile 
parameter. (The NoProfile parameter is introduced in Windows PowerShell 3.0.), type: 


PowerShell_Ise.exe -NoProfile 
e To see the PowerShell ISE.exe help file, type: 


PowerShell Ise.exe -help 
PowerShell Ise.exe -? 
PowerShell Ise.exe /? 


Remarks 


e Fora complete list of the PowerShell ISE.exe command-line parameters, see about PowerShell Ise.Exe. 
e For information about other ways to start Windows PowerShell, see Starting Windows PowerShell. 


e Windows PowerShell runs on the Server Core installation option of Windows Server operating systems. 
However, because Windows PowerShell ISE requires a graphic user interface, it does not run on Server Core 
installations. 


Additional References 


e about PowerShell Ise.exe 


print 
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Sends a text file to a printer. A file can print in the background if you send it to a printer connected to a serial or 


parallel port on the local computer. 


NOTE 


You can perform many configuration tasks from the command prompt by using the Mode command, including configuring a 


printer connected to a parallel or a serial port, displaying printer status, or preparing a printer for code page switching. 


Syntax 


print [/d:<printername>] [<drive>:][<path>]<filename>[ . 


Parameters 


PARAMETER 


/d: <printername> 


<drive> : 


<path> 


<filename>[ ...] 


it 


Examples 





| 


DESCRIPTION 


Specifies the printer that you want to print the job. To print to 
a locally connected printer, specify the port on your computer 
where the printer is connected. Valid values for parallel ports 
are LPT1, LPT2, and LPT3. Valid values for serial ports are 
COM1, COM2, COM3, and COM4. You can also specify a 
network printer by using its queue name ( 

\\server_name\printer_name ). If you don't specify a printer, 
the print job is sent to LPT1 by default. 


Specifies the logical or physical drive where the file you want 
to print is located. This parameter isn't required if the file you 
want to print is located on the current drive. 


Specifies the location of the file you want to print. This 
parameter isn't required if the file you want to print is located 
in the current directory. 


Required. Specifies the file you want to print. You can include 
multiple files in one command. 


Displays help at the command prompt. 


To send the report.txt file, located in the current directory, to a printer connected to Ipt2 on the local computer, 


type: 


print /d:lpt2 report.txt 


To send the report.txt file, located in the c:\accounting directory, to the printer1 print queue on the 


/d:\copyroom server, type: 


print /d:\\copyroom\printer1 c:\accounting\report.txt 


Additional References 


e Command-Line Syntax Key 
e Print Command Reference 


e Mode command 


prncnfg 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Configures or displays configuration information about a printer. This command is a Visual Basic script located in 
the %WwINdir%\System32\printing_Admin_Scripts\<language> directory. To use this command at a command prompt, 
type cscript followed by the full path to the prncnfg file, or change directories to the appropriate folder. For 
example: cscript *WINdir%\System32\printing Admin_Scripts\en-US\prncnfg . 


Syntax 


cscript prncnfg {-g | -t | -x | -?} [-S <Servername>] [-P <Printername>] [-z <newprintername>] [-u <Username>] 
[-w <password>] [-r <portname>] [-1 <location>] [-h <sharename>] [-m <comment>] [-f <separatorfilename>] [-y 
<datatype>] [-st <starttime>] [-ut <untiltime>] [-i <defaultpriority>] [-o <priority>] [<+|->shared] [<+|- 
>direct] [<+|->hidden] [<+|->published] [<+|->rawonly] [<+|->queued] [<+|->enablebidi] [<+|->keepprintedjobs] 
[<+|->workoffline] [<+|->enabledevq] [<+|->docompletefirst] 


Parameters 

PARAMETER DESCRIPTION 

-g Displays configuration information about a printer. 

-t Configures a printer. 

-X Renames a printer. 

-S <Servername> Specifies the name of the remote computer that hosts the 
printer that you want to manage. If you don't specify a 
computer, the local computer is used. 

-P <Printername> Specifies the name of the printer that you want to manage. 
Required. 

-Z <newprintername> Specifies the new printer name. Requires the -x and -P 
parameters. 

-u <Username> -W <password> Specifies an account with permissions to connect to the 
computer that hosts the printer that you want to manage. All 
members of the target computer's local Administrators group 
have these permissions, but the permissions can also be 
granted to other users. If you don't specify an account, you 
must be logged on under an account with these permissions 
for the command to work. 

-f <portname> Specifies the port where the printer is connected. If this is a 


parallel or a serial port, then use the ID of the port (for 
example, LPT1 or COM1). If this is a TCP/IP port, use the port 
name that was specified when the port was added. 


PARAMETER 


-I «location» 


-h <«sharename> 


-M <comment> 


-f <separatorfilename> 


-y <datatype> 


-st <starttime> 


-ut <endtime> 


-O <priority> 


-i <defaultpriority> 
{+|-} shared 
{+|-} direct 


{+|-} published 


{+|-} hidden 


{+|-} rawonly 


{+|-} }queued 


DESCRIPTION 


Specifies the printer location, such as Copyroom. If the 
location contains spaces, use quotation marks around the 
text, such as "Copy Room". 


Specifies the printer's share name. 


Specifies the printer's comment string. 


Specifies a file that contains the text that appears on the 
separator page. 


Specifies the data types that the printer can accept. 


Configures the printer for limited availability. Specifies the time 
of day the printer is available. If you send a document to a 
printer when it is unavailable, the document is held (spooled) 
until the printer becomes available. You must specify time as a 
24-hour clock. For example, to specify 11:00 PM., type 2300. 


Configures the printer for limited availability. Specifies the time 
of day the printer is no longer available. If you send a 
document to a printer when it is unavailable, the document is 
held (spooled) until the printer becomes available. You must 
specify time as a 24-hour clock. For example, to specify 11:00 
PM., type 2300. 


Specifies a priority that the spooler uses to route print jobs 
into the print queue. A print queue with a higher priority 
receives all its jobs before any queue with a lower priority. 


Specifies the default priority assigned to each print job. 


Specifies whether this printer is shared on the network. 


Specifies whether the document should be sent directly to the 
printer without being spooled. 


Specifies whether this printer should be published in active 
directory. If you publish the printer, other users can search for 
it based on its location and capabilities (such as color printing 
and stapling). 


Reserved function. 


Specifies whether only raw data print jobs can be spooled in 
this queue. 


Specifies that the printer should not begin to print until after 
the last page of the document is spooled. The printing 
program is unavailable until the document has finished 
printing. However, using this parameter ensures that the 
whole document is available to the printer. 


PARAMETER DESCRIPTION 


{+|-} keepprintedjobs Specifies whether the spooler should retain documents after 
they are printed. Enabling this option allows a user to 
resubmit a document to the printer from the print queue 
instead of from the printing program. 


{+|-} workoffline Specifies whether a user is able to send print jobs to the print 
queue if the computer is not connected to the network. 


{+|-} enabledevq Specifies whether print jobs that don't match the printer setup 
(for example, PostScript files spooled to non-PostScript 
printers) should be held in the queue rather than being 
printed. 


{+|-} docompletefirst Specifies whether the spooler should send print jobs with a 
lower priority that have completed spooling before sending 
print jobs with a higher priority that have not completed 
spooling. If this option is enabled and no documents have 
completed spooling, the spooler will send larger documents 
before smaller ones. You should enable this option if you want 
to maximize printer efficiency at the cost of job priority. If this 
option is disabled, the spooler always sends higher priority 
jobs to their respective queues first. 


{+|-} enablebidi Specifies whether the printer sends status information to the 
spooler. 
/? Displays help at the command prompt. 
Examples 


To display configuration information for the printer named co/orprinter_2 with a print queue hosted by the remote 
computer named HRServer, type: 


cscript prncnfg -g -S HRServer -P colorprinter_2 


To configure a printer named co/orprinter_2 so that the spooler in the remote computer named HRServer keeps 
print jobs after they have been printed, type: 


cscript prncnfg -t -S HRServer -P colorprinter_2 +keepprintedjobs 


To change the name of a printer on the remote computer named HRServer from colorprinter 2 to colorprinter 3, 


type: 


cscript prncnfg -x -S HRServer -P colorprinter_2 -z "colorprinter 3" 


Additional References 


e Command-Line Syntax Key 


e Print Command Reference 


prndrvr 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Adds, deletes, and lists printer drivers. This command is a Visual Basic script located in the 
%WINdir%\System32\printing_Admin_Scripts\<language> directory. To use this command at a command prompt, type 

cscript followed by the full path to the prndrvr file, or change directories to the appropriate folder. For example: 
cscript Z“WINdir%\System32\printing_Admin_Scripts\en-US\prndrvr . 


Used without parameters, prndrvr displays command-line help. 


Syntax 


cscript prndrvr {-a | -d | -1 | -x | -?} [-m <model>] [-v {@]1|2|3}] [-e <environment>] [-s <Servername>] [-u 
<Username>] [-w <password>] [-h <path>] [-i <inf file>] 


Parameters 


PARAMETER DESCRIPTION 
-a Installs a driver. 
-d Deletes a driver. 


- Lists all printer drivers installed on the server specified by the 
-s parameter. If you don't specify a server, Windows lists the 
printer drivers installed on the local computer. 


-X Deletes all printer drivers and additional printer drivers not in 
use by a logical printer on the server specified by the -s 
parameter. If you don't specify a server to remove from the 
list, Windows deletes all unused printer drivers on the local 
computer. 


-m <model_name> Specifies (by name) the driver you want to install. Drivers are 
often named for the model of printer they support. See the 
printer documentation for more information. 


-v {0@|1|2|3} Specifies the version of the driver you want to install. See the 
description of the -eparameter for information on which 
versions are available for which environment. If you don't 
specify a version, the version of the driver appropriate for the 
version of Windows running on the computer where you are 
installing the driver is installed. 


PARAMETER 


-e <environment> 


-S <Servername> 


-u <Username> -W <password> 


-h <path> 


-i <filename.inf> 


P? 


Remarks 


DESCRIPTION 


Specifies the environment for the driver you want to install. If 
you don't specify an environment, the environment of the 
computer where you are installing the driver is used. The 
supported environment parameters are: Windows NT x86, 
Windows x64 or Windows IA64. 


Specifies the name of the remote computer that hosts the 
printer that you want to manage. If you don't specify a 
computer, the local computer is used. 


Specifies an account with permissions to connect to the 
computer that hosts the printer that you want to manage. All 
members of the target computer's local Administrators group 
have these permissions, but the permissions can also be 
granted to other users. If you don't specify an account, you 
must be logged on under an account with these permissions 
for the command to work. 


Specifies the path to the driver file. If you don't specify a path, 
the path to the location where Windows was installed is used. 


Specifies the complete path and file name for the driver you 
want to install. If you don't specify a file name, the script uses 
one of the inbox printer .inf files in the inf subdirectory of the 
Windows directory. 


if the driver path is not specified, the script searches for 
driver files in the driver.cab file. 


Displays help at the command prompt. 


e If the information that you supply contains spaces, use quotation marks around the text (for example, 


"Computer Name"). 


e The -x parameter deletes all additional printer drivers (drivers installed for use on clients running alternate 


versions of Windows), even if the primary driver is in use. If the fax component is installed, this option also 


deletes fax drivers. The primary fax driver is deleted if it is not in use (that is, if there is no queue using it). If 


the primary fax driver is deleted, the only way to re-enable fax is to reinstall the fax component. 


Examples 


To list all drivers on the local \printServer1 server, type: 


cscript prndrvr -1 -s 


To add a version 3 Windows x64 printer driver for the Laser printer model 1 model of printer using the 


c\temp\Laserprinter1.inf driver information file for a driver stored in the c:\temp folder, type: 


cscript prndrvr -a -m Laser printer model 1 -v 3 -e Windows x64 -i c:\temp\Laserprinter1.inf -h c:\temp 


To delete a version 3 Windows x64 printer driver for Laser printer model 1, type: 


cscript prndrvr -a -m Laser printer model 1 -v 3 -e Windows x64 


Additional References 
e Command-Line Syntax Key 


e Print Command Reference 


prnjobs 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Pauses, resumes, cancels, and lists print jobs. This command is a Visual Basic script located in the 
%WINdir%\System32\printing_Admin_Scripts\<language> directory. To use this command at a command prompt, type 

cscript followed by the full path to the prnjobs file, or change directories to the appropriate folder. For example: 
cscript “WINdir%\System32\printing Admin_Scripts\en-US\prnjobs.vbs . 


Syntax 


cscript prnjobs {-z | -m | -x | -1 | -?) [-s <Servername>] [-p <Printername>] [-j <JobID>] [-u <Username>] [-w 
<password>] 
Parameters 
PARAMETER DESCRIPTION 
-Z Pauses the print job specified by the -j parameter. 
-m Resumes the print job specified by the -j parameter. 
-X Cancels the print job specified by the -j parameter. 


- Lists all the print jobs in a print queue. 


-S <Servername> Specifies the name of the remote computer that hosts the 
printer that you want to manage. If you don't specify a 
computer, the local computer is used. 


-p <Printername> Required. Specifies the name of the printer that you want to 
manage. 

-j <JobID> Specifies (by ID number) the print job you want to cancel. 

-u <Username> -W <password> Specifies an account with permissions to connect to the 


computer that hosts the printer that you want to manage. All 
members of the target computer's local Administrators group 
have these permissions, but the permissions can also be 
granted to other users. If you don't specify an account, you 
must be logged on under an account with these permissions 
for the command to work. 


P Displays help at the command prompt. 


Remarks 


e If the information that you supply contains spaces, use quotation marks around the text (for example, 
"Computer Name"). 


Examples 
To pause a print job with a job ID of 27 sent to the remote computer named HRServer for printing on the printer 
named colorprinter, type: 

cscript prnjobs.vbs -z -s HRServer -p colorprinter -j 27 


To list all current print jobs in the queue for the local printer named colorprinter_2, type: 


cscript prnjobs.vbs -1 -p colorprinter_2 


Additional References 


e Command-Line Syntax Key 


e Print Command Reference 


prnmngr 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Adds, deletes, and lists printers or printer connections, in addition to setting and displaying the default printer. This 
command is a Visual Basic script located in the %wINdir%\System32\printing_Admin_Scripts\<language> directory. To 
use this command at a command prompt, type cscript followed by the full path to the prnmngr file, or change 
directories to the appropriate folder. For example: cscript %WINdir%System32Yprinting Admin ScriptsVen-USVprnmngr . 


Syntax 


cscript prnmngr (-a | -d | -x | -g | -t | -1 | -?}[c] [-s <Servername>] [-p <Printername>] [-m <printermodel>] 
[-r <portname>] [-u <Username>] 
[-w <password>] 


Parameters 

PARAMETER DESCRIPTION 

-a Adds a local printer connection. 

-d Deletes a printer connection. 

-X Deletes all printers from the server specified by the -s 
parameter. If you don't specify a server, Windows deletes all 
printers on the local computer. 

-g Displays the default printer. 

-t Sets the default printer to the printer specified by the -p 
parameter. 

- Lists all printers installed on the server specified by the -s 
parameter. If you don't specify a server, Windows lists the 
printers installed on the local computer. 

c Specifies that the parameter applies to printer connections. 
Can be used with the -a and -x parameters. 

-S <Servername> Specifies the name of the remote computer that hosts the 
printer that you want to manage. If you don't specify a 
computer, the local computer is used. 

-p <Printername> Specifies the name of the printer that you want to manage. 

-M <Modelname> Specifies (by name) the driver you want to install. Drivers are 


often named for the model of printer they support. See the 
printer documentation for more information. 


PARAMETER DESCRIPTION 


-r <portname> Specifies the port where the printer is connected. If this is a 
parallel or a serial port, use the ID of the port (for example, 
LPT1: or COM1:). If this is a TCP/IP port, use the port name 
that was specified when the port was added. 


-u <Username> -W <password> Specifies an account with permissions to connect to the 
computer that hosts the printer that you want to manage. All 
members of the target computer's local Administrators group 
have these permissions, but the permissions can also be 
granted to other users. If you don't specify an account, you 
must be logged on under an account with these permissions 
for the command to work. 


/? Displays help at the command prompt. 


Remarks 


e If the information that you supply contains spaces, use quotation marks around the text (for example, 
"Computer Name’). 


Examples 
To add a printer named colorprinter_2 that is connected to LPT1 on the local computer and requires a printer driver 
called color printer Driver1, type: 

cscript prnmngr -a -p colorprinter 2 -m "color printer Driver1" -r lpt1: 


To delete the printer named colorprinter 2 from the remote computer named HRSer ver, type: 


cscript prnmngr -d -s HRServer -p colorprinter 2 


Additional References 


e Command-Line Syntax Key 


e Print Command Reference 


prnport 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Creates, deletes, and lists standard TCP/IP printer ports, in addition to displaying and changing port configuration. 
This command is a Visual Basic script located in the %wINdir%\System32\printing_Admin_Scripts\<language> 
directory. To use this command at a command prompt, type cscript followed by the full path to the prnport file, or 
change directories to the appropriate folder. For example: 


cscript *WINdir%\System32\printing Admin_Scripts\en-US\prnport . 


Syntax 


cscript prnport {-a | -d | -1 | -g | -t | -?} [-r <portname>] [-s <Servername>] [-u <Username>] [-w 
<password>] [-0 {raw | lpr)] [-h <Hostaddress>] [-q <Queuename>] [-n <portnumber>] -mfe | d) [-i <SNMPindex>] 
[-y <communityname>] -2{e | -d} 

Parameters 
PARAMETER DESCRIPTION 
-a Creates a standard TCP/IP printer port. 
-d Deletes a standard TCP/IP printer port. 


- Lists all standard TCP/IP printer ports on the computer 
specified by the -s parameter. 


-g Displays the configuration of a standard TCP/IP printer port. 

-t Configures the port settings for a standard TCP/IP printer 
port. 

-r <portname> Specifies the port to which the printer is connected. 

-S <Servername> Specifies the name of the remote computer that hosts the 


printer that you want to manage. If you don't specify a 
computer, the local computer is used. 


-u <Username> -W <password> Specifies an account with permissions to connect to the 
computer that hosts the printer that you want to manage. All 
members of the target computer's local Administrators group 
have these permissions, but the permissions can also be 
granted to other users. If you don't specify an account, you 
must be logged on under an account with these permissions 
for the command to work. 


PARAMETER DESCRIPTION 


-0 (raw|lpr) Specifies which protocol the port uses: TCP raw or TCP lpr. The 
TCP raw protocol is a higher performance protocol on 
Windows than the lpr protocol. If you use TCP raw, you can 
optionally specify the port number by using the -n parameter. 
The default port number is 9100. 


-h <Hostaddress> Specifies (by IP address) the printer for which you want to 
configure the port. 


-q <Queuename> Specifies the queue name for a TCP raw port. 


-N <portnumber> Specifies the port number for a TCP raw port. The default port 
number is 9100. 


-m {e|d} Specifies whether SNMP is enabled. The parameter e enables 
SNMP The parameter d disables SNMP 


-i <SNMPindex Specifies the SNMP index, if SNMP is enabled. For more 
information, see Rfc 1759 at the Rfc editor website. 


-y <communityname> Specifies the SNMP community name, if SNMP is enabled. 


-2 {e|-d} Specifies whether double spools (also known as respooling) 
are enabled for TCP lpr ports. Double spools are necessary 
because TCP lpr must include an accurate byte count in the 
control file that is sent to the printer, but the protocol cannot 
get the count from the local print provider. Therefore, when a 
file is spooled to a TCP lpr print queue, it is also spooled as a 
temporary file in the system32 directory. TCP lpr determines 
the size of the temporary file and sends the size to the server 
running LPD. The parameter e enables double spools. The 
parameter d disables double spools. 


/? Displays help at the command prompt. 


Remarks 


e If the information that you supply contains spaces, use quotation marks around the text (for example, 
"Computer Name’). 


Examples 


To display all standard TCP/IP printing ports on the server \Server1, type: 


cscript prnport -1 -s Server1 


To delete the standard TCP/IP printing port on the server \Server1 that connects to a network printer at 10.2.3.4, 


type: 


cscript prnport -d -s Server1 -r IP 19.2.3.4 


To add a standard TCP/IP printing port on the server \Server1 that connects to a network printer at 10.2.3.4 and 
uses the TCP raw protocol on port 9100, type: 


cscript prnport -a -s Server1 -r IP 19.2.3.4 -h 10.2.3.4 -0 raw -n 9100 


To enable SNMP specify the "public" community name and set the SNMP index to 1 on a network printer at 
10.2.3.4 shared by the server \Server1, type: 


cscript prnport -t -s Server1 -r IP_10.2.3.4 -me -y public -i 1 -n 9100 


To add a standard TCP/IP printing port on the local computer that connects to a network printer at 10.2.3.4 and 
automatically get the device settings from the printer, type: 


cscript prnport -a -r IP_10.2.3.4 -h 10.2.3.4 


Additional References 
e Command-Line Syntax Key 


e Print Command Reference 


prnaet! 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Prints a test page, pauses or resumes a printer, and clears a printer queue. This command is a Visual Basic script 
located in the %wINdir%\System32\printing_Admin_Scripts\<language> directory. To use this command at a command 


prompt, type cscript followed by the full path to the prnqctl file, or change directories to the appropriate folder. 
For example: cscript “WINdir%\System32\printing Admin_Scripts\en-US\prnqctl . 


Syntax 


cscript Prngctl {-z | -m | -e | -x | -?} [-s <Servername>] [-p <Printername>] [-u <Username>] [-w <password>] 
Parameters 

PARAMETER DESCRIPTION 

-Z Pauses printing on the printer specified by the -p parameter. 

-m Resumes printing on the printer specified by the -p parameter. 

-e Prints a test page on the printer specified by the -p 
parameter. 

-X Cancels all print jobs on the printer specified by the -p 
parameter. 

-S <Servername> Specifies the name of the remote computer that hosts the 


printer that you want to manage. If you don't specify a 
computer, the local computer is used. 


-p <Printername> Required. Specifies the name of the printer that you want to 
manage. 
-U <Username> -W <password> Specifies an account with permissions to connect to the 


computer that hosts the printer that you want to manage. All 
members of the target computer's local Administrators group 
have these permissions, but the permissions can also be 
granted to other users. If you don't specify an account, you 
must be logged on under an account with these permissions 
for the command to work. 


/? Displays help at the command prompt. 


Remarks 


e If the information that you supply contains spaces, use quotation marks around the text (for example, 
"Computer Name"). 


Examples 


To print a test page on the Laserprinter1 printer shared by the \Server1 computer, type: 
cscript prnqctl -e -s Server1 -p Laserprinter1 

To pause printing on the Laserprinter1 printer on the local computer, type: 
cscript prnqctl -z -p Laserprinter1 

To cancel all print jobs on the Laserprinter1 printer on the local computer, type: 


cscript prnqctl -x -p Laserprinter1 


Additional References 


e Command-Line Syntax Key 


e Print Command Reference 


prompt 


11/2/2020 * 2 minutes to read * Edit Online 





Changes the Cmd.exe command prompt, including displaying any text you want, such as the name of the current 
directory, the time and date, or the Microsoft Windows version number. If used without parameters, this command 
resets the command prompt to the default setting, which is the current drive letter and directory followed by the 
greater than symbol (>). 


Syntax 


prompt [<text>] 


Parameters 
PARAMETER DESCRIPTION 
<text> Specifies the text and information that you want to include in 
the command prompt. 
/? Displays help at the command prompt. 
Remarks 


e The character combinations you can include instead of, or in addition to, one or more character strings in the 


text parameter: 
CHARACTER DESCRIPTION 
$q = (Equal sign) 
$$ $ (Dollar sign) 
$t Current time 
$d Current date 
$p Current drive and path 
$v Windows version number 
$n Current drive 
$g > (Greater than sign) 
$I < (Less than sign) 
$b | (Pipe symbol) 


$_ ENTER-LINEFEED 


CHARACTER DESCRIPTION 


$e ANSI escape code (code 27) 


$h Backspace (to delete a character that has been written to 
the command line) 


$a & (Ampersand) 

$c ( (Left parenthesis) 
$f ) (Right parenthesis) 
$s Space 


e When command extensions are enabled the prompt command supports the following formatting 


characters: 
CHARACTER DESCRIPTION 
$+ Zero or more plus sign (+) characters, depending on the 
depth of the pushd directory stack (one character for 
each level pushed). 
$m The remote name associated with the current drive letter 


or the empty string if current drive is not a network drive. 


e Ifyou include the $p character in the text parameter, your disk is read after you enter each command (to 
determine the current drive and path). This can take extra time, especially for floppy disk drives. 


Examples 
To set a two-line command prompt with the current time and date on the first line and the greater than sign on the 
next line, type: 
prompt $d$s$s$t$ $g 
The prompt is changed as follows, where the date and time are current: 
Fri 06/01/2007 13:53:28.91 
To set the command prompt to display as an arrow ( --> ), type: 


prompt --$g 


To manually change the command prompt to the default setting (the current drive and path followed by the greater 
than sign), type: 


prompt $p$g 


Additional References 


e Command-Line Syntax Key 


pubprn 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Publishes a printer to the Active Directory Domain Services. This command is a Visual Basic script located in the 
%WINdir%\System32\printing_Admin_Scripts\<language> directory. To use this command at a command prompt, type 

cscript followed by the full path to the pubprn file, or change directories to the appropriate folder. For example: 
cscript “WINdir%\System32\printing_Admin_Scripts\en-US\pubprn . 


Syntax 


cscript pubprn {<servername> | <UNCprinterpath>} LDAP: //CN=<container>,DC=<container> 


Parameters 
PARAMETER DESCRIPTION 
<servername> Specifies the name of the Windows server that hosts the 
printer that you want to publish. If you don't specify a 
computer, the local computer is used. 
<UNCprinterpath> The Universal Naming Convention (UNC) path to the shared 
printer that you want to publish. 
LDAP: //CN=<Container>,DC=<Container> Specifies the path to the container in Active Directory Domain 
Services where you want to publish the printer. 
R Displays help at the command prompt. 
Remarks 


e If the information that you supply contains spaces, use quotation marks around the text (for example, 
"Computer Name"). 


Examples 
To publish all printers on the \Server1 computer to the MyContainer container in the MyDomain.company.com 
domain, type: 


cscript pubprn Server1 LDAP://CN=MyContainer , DC=MyDomain, DC=company , DC=Com 


To publish the Laserprinter1 printer on the \\Server1 server to the MyContainer container in the 
MyDomain.company.com domain, type: 


cscript pubprn \\Serveri1\Laserprinter1 LDAP: //CN=MyContainer , DC=MyDomain ,DC=company , DC=Com 


Additional References 


e Command-Line Syntax Key 


e Print Command Reference 


pushd 
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Stores the current directory for use by the popd command, and then changes to the specified directory. 


Every time you use the pushd command, a single directory is stored for your use. However, you can store multiple 
directories by using the pushd command multiple times. The directories are stored sequentially in a virtual stack, 
so if you use the pushd command once, the directory in which you use the command is placed at the bottom of 
the stack. If you use the command again, the second directory is placed on top of the first one. The process repeats 
every time you use the pushd command. 


If you use the popd command, the directory on the top of the stack is removed and the current directory is 
changed to that directory. If you use the popd command again, the next directory on the stack is removed. If 
command extensions are enabled, the popd command removes any drive-letter assignations created by the 
pushd command. 


Syntax 


pushd [<path>] 


Parameters 
PARAMETER DESCRIPTION 
<path> Specifies the directory to make the current directory. This 
command supports relative paths. 
nR Displays help at the command prompt. 
Remarks 


e |f command extensions are enabled, the pushd command accepts either a network path or a local drive 
letter and path. 


e If you specify a network path, the pushd command temporarily assigns the highest unused drive letter 
(starting with Z:) to the specified network resource. The command then changes the current drive and 
directory to the specified directory on the newly assigned drive. If you use the popd command with 
command extensions enabled, the popd command removes the drive-letter assignation created by pushd. 


Examples 


To change the current directory from the one in which the batch program was run, and then to change it back: 


@echo off 

rem This batch file deletes all .txt files in a specified directory 
pushd %1 

dele txt 

popd 

cls 

echo All text files deleted in the %1 directory 


Additional References 


e Command-Line Syntax Key 


e popd command 


pushprinterconnections 
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Reads Deployed Printer Connection settings from Group Policy and deploys/removes printer connections as 
needed. 





IMPORTANT 


This utility is for use in machine startup or user logon scripts, and shouldn't be run from the command line. 





Syntax 


pushprinterconnections <-log> <-?> 


Parameters 
PARAMETER DESCRIPTION 
<-log> Writes a per user debug log file to %temp, or writes a per 
machine debug log to %windiir%\temp. 
<-?> Displays Help at the command prompt. 


Additional References 


e Command-Line Syntax Key 
e Print Command Reference 


e Deploy Printers by Using Group Policy 


pwlauncher 
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Enables or disables the Windows To Go Startup Options (pwlauncher). The pwlauncher command-line tool allows 
you to configure the computer to boot into a Windows To Go workspace automatically (assuming one is present), 
without requiring you to enter your firmware or change your startup options. 


Windows To Go Startup Options allow a user to configure their computer to boot from USB from within Windows- 
without ever entering their firmware, as long as their firmware supports booting from USB. Enabling a system to 
always boot from USB first has implications that you should consider. For example, a USB device that includes 
malware could be booted inadvertently to compromise the system, or multiple USB drives could be plugged in to 
cause a boot conflict. For this reason, the default configuration has the Windows To Go Startup Options disabled by 
default. In addition, administrator privileges are required to configure Windows To Go Startup Options. If you 
enable the Windows To Go startup options using the pwlauncher command-line tool or the Change Windows To 
Go Startup Options app the computer will attempt to boot from any USB device that is inserted into the 
computer before it is started. 


Syntax 


pwlauncher {/enable | /disable} 


Parameters 

PARAMETER DESCRIPTION 

/enable Enables Windows To Go startup options, so the computer will 
automatically boot from a USB device when present. 

/disable Disables Windows To Go startup options, so the computer 
can't be booted from a USB device unless configured manually 
in the firmware. 

/? Displays help at the command prompt. 

Examples 


To enable boot from USB: 


pwlauncher /enable 


Additional References 


e Command-Line Syntax Key 


Qappsrv 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Displays a list of all Remote Desktop Session Host servers on the network. To find out what's new in the latest 
version, see What's New in Remote Desktop Services in Windows Server. 


NOTE 


This command is the same as the query termserver command. 





Additional References 
e Command-Line Syntax Key 
e query termserver command 


e Remote Desktop Services (Terminal Services) Command Reference 


gprocess 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Displays information about processes that are running on a Remote Desktop Session Host server. To find out 
what's new in the latest version, see What's New in Remote Desktop Services in Windows Server. 


NOTE 


This command is the same as the query process command. 





Additional References 
e Command-Line Syntax Key 
e query process command 


e Remote Desktop Services (Terminal Services) Command Reference 


query commands 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Displays information about processes, sessions, and Remote Desktop Session Host servers. To find out what's new 
in the latest version, see What's New in Remote Desktop Services in Windows Server. 


Syntax 


query process 
query session 
query termserver 
query user 


Parameters 

PARAMETER DESCRIPTION 

query process Displays information about processes running on an Remote 
Desktop Session Host server. 

query session Displays information about sessions on a Remote Desktop 
Session Host server. 

query termserver Displays a list of all Remote Desktop Session Host servers on 
the network. 

query user Displays information about user sessions on a Remote 


Desktop Session Host server. 


Additional References 


e Command-Line Syntax Key 


e Remote Desktop Services (Terminal Services) Command Reference 


query process 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Displays information about processes that are running on a Remote Desktop Session Host server. You can use this 
command to find out which programs a specific user is running, and also which users are running a specific 
program. This command returns the following information: 


e User who owns the process 

e Session that owns the process 
e |D ofthe session 

e Name of the process 


e ID of the process 





NOTE 


To find out what's new in the latest version, see What's New in Remote Desktop Services in Windows Server. 





Syntax 


query process [*|<processID>|<username>|<sessionname>|/id:<nn>|<programname>] [/server:<servername> ] 


Parameters 
PARAMETER DESCRIPTION 
7 Lists the processes for all sessions. 
<processID> Specifies the numeric ID identifying the process that you want 
to query. 
<username> Specifies the name of the user whose processes you want to 
list. 
<sessionname> Specifies the name of the active session whose processes you 
want to list. 
/id: <nn> Specifies the ID of the session whose processes you want to 
list. 
<programname> Specifies the name of the program whose processes you want 


to query. The .exe extension is required. 


PARAMETER DESCRIPTION 


/server: <servername> Specifies the Remote Desktop Session Host server whose 
processes you want to list. If unspecified, the server where 
you are currently logged on is used. 


/? Displays help at the command prompt. 


Remarks 


e Administrators have full access to all query process functions. 


e If you don't specify the <username>, <sessionname>, /id. <nn> , <programname>, or * parameters, this 


query displays only the processes that belong to the current user. 


e When query process returns information, a greater than (>) symbol is displayed before each process 
that belongs to the current session. 


Examples 


To display information about the processes being used by all sessions, type: 
query process * 
To display information about the processes being used by session ID 2, type: 


query process /ID:2 


Additional References 
e Command-Line Syntax Key 
@ query command 


e Remote Desktop Services (Terminal Services) Command Reference 


query session 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 


Displays information about sessions on a Remote Desktop Session Host server. The list includes information not 


only about active sessions but also about other sessions that the server runs. 


NOTE 


To find out what's new in the latest version, see What's New in Remote Desktop Services in Windows Server. 


Syntax 


query session [<sessionname> 


[/counter ] 


Parameters 


PARAMETER 


<sessionname> 


<username> 


<sessionID> 


/server: <servername> 


/mode 


/flow 


/connect 


/counter 


R 


Remarks 





<sessionID>] [/server:<servername>] [/mode] [/flow] [/connect] 


DESCRIPTION 


Specifies the name of the session that you want to query. 


Specifies the name of the user whose sessions you want to 
query. 


Specifies the ID of the session that you want to query. 


Identifies the rd Session Host server to query. The default is 
the current server. 


Displays current line settings. 


Displays current flow-control settings. 


Displays current connect settings. 


Displays current counters information, including the total 
number of sessions created, disconnected, and reconnected. 


Displays help at the command prompt. 


e Auser can always query the session to which the user is currently logged on. To query other sessions, the 


user must have special access permission. 


e If you don't specify a session using the <username>, <sessionname>, or session/D parameters, this query 


will display information about all active sessions in the system. 


e When query session returns information, a greater than (>) symbol is displayed before the current 


session. For example: 


C:\>query session 


SESSIONNAME USERNAME ID STATE 
console Administrator1 Ø active 
>rdp-tcp#1 User1 1 active 
rdp-tcp 2 listen 
4 idle 
5 idle 
Where: 


TYPE DEVICE 
wdcon 

wdtshare 
wdtshare 


o SESSIONNAME specifies the name assigned to the session. 


o USERNAME indicates the user name of the user connected to the session. 


o STATE provides information about the current state of the session. 


o TYPE indicates the session type. 


o DEVICE, which isn't present for the console or network-connected sessions, is the device name assigned 


to the session. 


o Any sessions in which the initial state is configured as DISABLED won't show up in the query session 


list until they're enabled. 


Examples 


To display information about all active sessions on server Server2, type: 


query session /server:Server2 


To display information about active session modeMO02, type: 


query session modeMe2 


Additional References 


e Command-Line Syntax Key 


e query command 


e Remote Desktop Services (Terminal Services) Command Reference 


query termserver 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Displays a list of all Remote Desktop Session Host servers on the network. This command searches the network 
for all attached Remote Desktop Session Host servers and returns the following information: 


e Name of the server 


e Network (and node address if the /address option is used) 





NOTE 


To find out what's new in the latest version, see What's New in Remote Desktop Services in Windows Server. 





Syntax 


query termserver [<servername>] [/domain:<domain>] [/address] [/continue] 


Parameters 
PARAMETER DESCRIPTION 
<servername> Specifies the name that identifies the Remote Desktop Session 
Host server. 

/domain: <domain> Specifies the domain to query for terminal servers. You don't 
need to specify a domain if you are querying the domain in 
which you are currently working. 

/address Displays the network and node addresses for each server. 

/continue Prevents pausing after each screen of information is 
displayed. 

/? Displays help at the command prompt. 

Examples 


To display information about all Remote Desktop Session Host servers on the network, type: 


query termserver 


To display information about the Remote Desktop Session Host server named Server3, type: 


query termserver Server3 


To display information about all Remote Desktop Session Host servers in domain CONTOSO, type: 


query termserver /domain:CONTOSO 


To display the network and node address for the Remote Desktop Session Host server named Server3, type: 


query termserver Server3 /address 


Additional References 
e Command-Line Syntax Key 


e query command 


e Remote Desktop Services (Terminal Services) Command Reference 


query user 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Displays information about user sessions on a Remote Desktop Session Host server. You can use this command to 


find out if a specific user is logged on to a specific Remote Desktop Session Host server. This command returns the 
following information: 


Name of the user 


Name of the session on the Remote Desktop Session Host server 


Session ID 


State of the session (active or disconnected) 


Idle time (the number of minutes since the last keystroke or mouse movement at the session) 


Date and time the user logged on 





NOTE 


To find out what's new in the latest version, see What's New in Remote Desktop Services in Windows Server. 





Syntax 


query user [<username> | <sessionname> | <sessionID>] [/server:<servername>] 


Parameters 
PARAMETER DESCRIPTION 
<username> Specifies the logon name of the user that you want to query. 
<sessionname> Specifies the name of the session that you want to query. 
<sessionID> Specifies the ID of the session that you want to query. 
/server: <servername> Specifies the Remote Desktop Session Host server that you 
want to query. Otherwise, the current Remote Desktop 
Session Host server is used. This parameter is only required if 
you're using this command from a remote server. 
/? Displays help at the command prompt. 
Remarks 


e To use this command, you must have Full Control permission or special access permission. 


e If you don't specify a user using the <username>, <sessionname>, or session/D parameters, a list of all 


users who are logged on to the server is returned. Alternatively, you can also use the query session 
command to display a list of all sessions on a server. 


e When query user returns information, a greater than (>) symbol is displayed before the current session. 


Examples 


To display information about all users logged on the system, type: 
query user 
To display information about the user USER on server Server1, type: 


query user USER1 /server:Server1 


Additional References 


e Command-Line Syntax Key 
e query command 


e Remote Desktop Services (Terminal Services) Command Reference 


quser 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Displays information about user sessions on a Remote Desktop Session Host server. You can use this command to 


find out if a specific user is logged on to a specific Remote Desktop Session Host server. This command returns the 
following information: 


e Name of the user 


e Name of the session on the Remote Desktop Session Host server 


e Session ID 
e State of the session (active or disconnected) 
e Idle time (the number of minutes since the last keystroke or mouse movement at the session) 


e Date and time the user logged on 


NOTE 


This command is the same as the query user command. To find out what's new in the latest version, see What's New in 
Remote Desktop Services in Windows Server. 





Syntax 


quser [<username> | <sessionname> | <sessionID>] [/server:<servername>] 


Parameters 
PARAMETER DESCRIPTION 
<username> Specifies the logon name of the user that you want to query. 
<sessionname> Specifies the name of the session that you want to query. 
<sessionID> Specifies the ID of the session that you want to query. 
/server: <servername> Specifies the Remote Desktop Session Host server that you 
want to query. Otherwise, the current Remote Desktop 
Session Host server is used. This parameter is only required if 
you're using this command from a remote server. 
R Displays help at the command prompt. 
Remarks 


e To use this command, you must have Full Control permission or special access permission. 


e If you don't specify a user using the <username>, <sessionname>, or sessionID parameters, a list of all 
users who are logged on to the server is returned. Alternatively, you can also use the query session 
command to display a list of all sessions on a server. 


e When quser returns information, a greater than (>) symbol is displayed before the current session. 
Examples 
To display information about all users logged on the system, type: 

quser 


To display information about the user USER7 on server Server1, type: 


quser USER1 /server:Server1 


Additional References 
e Command-Line Syntax Key 
e query user command 


e Remote Desktop Services (Terminal Services) Command Reference 


qwinsta 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Displays information about sessions on a Remote Desktop Session Host server. The list includes information not 
only about active sessions but also about other sessions that the server runs. 





NOTE 


This command is the same as the query session command. To find out what's new in the latest version, see What's New in 
Remote Desktop Services in Windows Server. 





Syntax 


qwinsta [<sessionname> | <username> | <sessionID>] [/server:<servername>] [/mode] [/flow] [/connect] 


[/counter ] 
Parameters 
PARAMETER DESCRIPTION 
<sessionname> Specifies the name of the session that you want to query. 
<username> Specifies the name of the user whose sessions you want to 
query. 
<sessionID> Specifies the ID of the session that you want to query. 
/server: <servername> Identifies the rd Session Host server to query. The default is 
the current server. 
/mode Displays current line settings. 
/flow Displays current flow-control settings. 
/connect Displays current connect settings. 
/counter Displays current counters information, including the total 
number of sessions created, disconnected, and reconnected. 
/? Displays help at the command prompt. 
Remarks 


e A user can always query the session to which the user is currently logged on. To query other sessions, the 
user must have special access permission. 


e If you don't specify a session using the <username>, <sessionname>, or session/D parameters, this query 
will display information about all active sessions in the system. 


e When qwinsta returns information, a greater than (>) symbol is displayed before the current session. For 
example: 


C:\>qwinsta 


SESSIONNAME USERNAME ID STATE TYPE DEVICE 
console Administratori Ø active wdcon 
>rdp-tcp#1 User1 1 active wdtshare 
rdp-tcp 2 listen wdtshare 

4 idle 

5 idle 


Where: 


o SESSIONNAME specifies the name assigned to the session. 

o USERNAME indicates the user name of the user connected to the session. 
o STATE provides information about the current state of the session. 

o TYPE indicates the session type. 


o DEVICE, which isn't present for the console or network-connected sessions, is the device name assigned 
to the session. 


o Any sessions in which the initial state is configured as DISABLED won't show up in the qwinsta list until 
they're enabled. 


Examples 


To display information about all active sessions on server Server2, type: 
qwinsta /server:Server2 
To display information about active session modeMO02, type: 


qwinsta modeMØ2 


Additional References 


e Command-Line Syntax Key 
e query session command 


e Remote Desktop Services (Terminal Services) Command Reference 


rcp 
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IMPORTANT 


This command has been deprecated. 





You can install the subsystem for UNIX-based Applications using the Add Features Wizard. For more information 
and the download files, see Utilities and SDK for Subsystem for UNIX-based Applications in Microsoft Windows 7 
and Windows Server 2008 R2. 


After installation, you can then open a C Shell (csh or tcsh) or KornShell command window and run rcp. For more 
information, type man rcp at the C Shell or KornShell prompt. 


Additional References 


e Command-Line Syntax Key 


rd 
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Deletes a directory. 


The rd command can also run from the Windows Recovery Console, using different parameters. For more 
information, see Windows Recovery Environment (WinRE). 





NOTE 


This command is the same as the rmdir command. 








Syntax 


rd [<drive>:]<path> [/s [/q]] 


Parameters 
PARAMETER DESCRIPTION 
[<drive>: ]<path> Specifies the location and the name of the directory that you 
want to delete. Path is required. If you include a backslash () at 
the beginning of the specified path, then the path starts at 
the root directory (regardless of the current directory). 

/s Deletes a directory tree (the specified directory and all its 
subdirectories, including all files). 

/q Specifies quiet mode. Does not prompt for confirmation when 

deleting a directory tree. The /q parameter works only if /s is 
also specified. 
CAUTION: When you run in quiet mode, the entire 
directory tree is deleted without confirmation. Make sure 
that important files are moved or backed up before using 
the /q command-line option. 

P? Displays help at the command prompt. 

Remarks 


e You can't delete a directory that contains files, including hidden or system files. If you attempt to do so, the 
following message appears: 


The directory is not empty 


Use the dir /a command to list all files (including hidden and system files). Then use the attrib command 
with -h to remove hidden file attributes, -s to remove system file attributes, or -h -s to remove both hidden 
and system file attributes. After the hidden and file attributes have been removed, you can delete the files. 


e You can't use the rd command to delete the current directory. If you attempt to delete the current directory, 
the following error message appears: 


The process can't access the file because it is being used by another process. 


If you receive this error message, you must change to a different directory (not a subdirectory of the current 
directory), and then try again. 


Examples 


To change to the parent directory so you can safely remove the desired directory, type: 
el ox 

To remove a directory named test (and all its subdirectories and files) from the current directory, type: 
rd /s test 

To run the previous example in quiet mode, type: 


rd /s /q test 


Additional References 


e Command-Line Syntax Key 


rdpsign 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Enables you to digitally sign a Remote Desktop Protocol (.rdp) file. 





NOTE 


To find out what's new in the latest version, see What's New in Remote Desktop Services in Windows Server. 





Syntax 


rdpsign /shai <hash> [/q | /v |] [/1] «file name.rdp> 


Parameters 
PARAMETER DESCRIPTION 
/shal <hash> Specifies the thumbprint, which is the Secure Hash Algorithm 
1 (SHA1) hash of the signing certificate that is included in the 
certificate store. Used in Windows Server 2012 R2 and older. 
/sha256 <hash> Specifies the thumbprint, which is the Secure Hash Algorithm 
256 (SHA256) hash of the signing certificate that is included 
in the certificate store. Replaces /sha1 in Windows Server 
2016 and newer. 
/q Quiet mode. No output when the command succeeds and 
minimal output if the command fails. 
N verbose mode. Displays all warnings, messages, and status. 
Å Tests the signing and output results without actually replacing 
any of the input files. 
<file_name.rdp> The name of the .rdp file. You must specify the .rdp file (or 
files) to sign by using the full file name. Wildcard characters 
are not accepted. 
it Displays help at the command prompt. 
Remarks 


e@ The SHA1 or SHA256 certificate thumbprint should represent a trusted .rdp file publisher. To obtain the 
certificate thumbprint, open the Certificates snap-in, double-click the certificate that you want to use 
(either in the local computer's certificates store or in your personal certificates store), click the details tab, 
and then in the Field list, click Thumbprint. 





NOTE 


When you copy the thumbprint for use with the rdpsign.exe tool, you must remove any spaces. 





e The signed output files overwrite the input files. 


e If multiple files are specified, and if any of the .rdp files can't be read or written to, the tool continues to the 
next file. 


Examples 
To sign an .rdp file named fi/e7.rdp, navigate to the folder where you saved the .rdp file, and then type: 


rdpsign /sha1 hash filel.rdp 





NOTE 


The hash value represents the SHA1 certificate thumbprint, without any spaces. 


To test whether digital signing will succeed for an .rdp file without actually signing the file, type: 


rdpsign /sha1 hash /1 filel.rdp 


To sign multiple .rdp files that are named, file7.rdp, file2.rdp, and file3.rdp, type (including the spaces between file 
names): 


rdpsign /shal hash filel.rdp file2.rdp file3.rdp 


See Also 


e Command-Line Syntax Key 


e Remote Desktop Services (Terminal Services) Command Reference 


recover 
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Recovers readable information from a bad or defective disk. This command reads a file, sector-by-sector, and 
recovers data from the good sectors. Data in bad sectors is lost. Because all data in bad sectors is lost when you 
recover a file, you should recover only one file at a time. 


Bad sectors reported by the chkdsk command were marked as bad when your disk was prepared for operation. 
They pose no danger, and recover does not affect them. 


Syntax 


recover [<drive>: ][<path>]<filename> 


Parameters 
PARAMETER DESCRIPTION 
[<drive>: ][<path>]<filename> Specifies the file name (and the location of the file if it is not in 
the current directory) you want to recover. Filename is 
required and wildcards aren't supported. 
/ Displays help at the command prompt. 
Examples 


To recover the file story.txtin the \fiction directory on drive D, type: 


recover d:\fiction\story.txt 


Additional References 


e Command-Line Syntax Key 


recover (DiskPart) 
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Refreshes the state of all disks in a disk group, attempt to recover disks in an invalid disk group, and resynchronizes 
mirrored volumes and RAID-5 volumes that have stale data. This command operates on disks that are failed or 
failing. It also operates on volumes that are failed, failing, or in failed redundancy state. 


This command operates on groups of dynamic disks. If this command is used on a group with a basic disk, it won't 
return an error, but no action will be taken. 





NOTE 


A disk that is part of a disk group must be selected for this operation to succeed. Use the select disk command to select a 
disk and shift the focus to it. 





Syntax 


recover [noerr] 


Parameters 
PARAMETER DESCRIPTION 
noerr For scripting only. When an error is encountered, DiskPart 
continues to process commands as if the error did not occur. 
Without this parameter, an error causes DiskPart to exit with 
an error code. 
Examples 


To recover the disk group that contains the disk with focus, type: 


recover 


Additional References 


e Command-Line Syntax Key 


ReFSUtil 


11/2/2020 * 4 minutes to read * Edit Online 





Applies to: Windows Server 2019, Windows 10 


ReFSUtil is a tool included in Windows and Windows Server that attempts to diagnose heavily damaged ReFS 
volumes, identify remaining files, and copy those files to another volume. This comes in Windows 10 in the 
%SystemRoot%\Windows\System32 folder or in Windows Server in the %systemRoot%YSystem32 folder. 


ReFS salvage is the primary function of ReFSUtil, and is useful for recovering data from volumes that show as RAW 
in Disk Management. ReFS Salvage has two phases: Scan Phase and a Copy Phase. In automatic mode, the Scan 
Phase and Copy Phase will run sequentially. In manual mode, each phase can be run separately. Progress and logs 
are saved in a working directory to allow phases to be run separately as well as Scan Phase to be paused and 
resumed. You shouldn't need to use the ReFSutil tool unless the volume is RAW. If read-only, then data is still 


accessible. 
Parameters 
PARAMETER DESCRIPTION 
<source volume> Specifies the ReFS volume to process. The drive letter must be 
formatted as "L:", or you must provide a path to the volume 
mount point. 
<working directory> Specifies the location to store temporary information and logs. 
It must not be located on the <source volume> . 
<target directory> Specifies the location where identified files are copied to. It 
must not be located on the <source volume> . 
-m Recovers all possible files including deleted ones. 
WARNING: Not only does this parameter cause the 
process to take longer to run, but it can also lead to 
unexpected results. 
-V Specifies to use verbose mode. 
-X Forces the volume to dismount first, if necessary. All opened 


handles to the volume are then invalid. For example, 
refsutil salvage -QA R: N:\WORKING N:\DATA -x . 


Usage and available options 


Quick automatic mode command line usage 


Performs a Quick Scan Phase followed by a Copy Phase. This mode runs quicker as it assumes some critical 
structures of the volume aren't corrupted and so there's no need to scan the entire volume to locate them. This also 
reduces the recovery of stale files/directories/volumes. 


refsutil salvage -QA <source volume> <working directory> <target directory> <options> 


Full automatic mode command line usage 


Performs a Full Scan Phase followed by a Copy Phase. This mode may take a long time as it will scan the entire 


volume for any recoverable files/directories/volumes. 


refsutil salvage -FA <source volume> <working directory> <target directory> <options> 


Diagnose phase command line usage (manual mode) 


First, try to determine if the <source volume> is an ReFS volume and determine if the volume is mountable. If a 


volume isn't mountable, the reason(s) will be provided. This is a standalone phase. 


refsutil salvage -D <source volume> <working directory> <options> 


Quick Scan phase command line usage 


Performs a Quick Scan of the <source volume> for any recoverable files. This mode runs quicker as it assumes 
some critical structures of the volume are not corrupted and so there's no need to scan the entire volume to locate 

them. This also reduces the recovery of stale files/directories/volumes. Discovered files are logged to the 
foundfiles.<volume signature>.txt file, located in your <working directory> . If the Scan Phase was previously 


stopped, running with the -QS flag again resumes the scan from where it left off. 


refsutil salvage -QS <source volume> <working directory> <options> 


Full Scan phase command line usage 


Scans the entire <source volume> for any recoverable files. This mode may take a long time as it will scan the entire 
volume for any recoverable files. Discovered files will be logged to the foundfiles.<volume signature>.txt file, 
located in your <working directory> . If the Scan Phase was previously stopped, running with the -FS flag again 


resumes the scan from where it left off. 


refsutil salvage -FS <source volume> <working directory> <options> 


Copy phase command line usage 


Copies all files described in the foundfiles.<volume signature>.txt file to your <target directory> .If you stop the 
Scan Phase too early, it's possible that the the foundfiles.<volume signature>.txt file might not yet exist, so no file 


is copied to the <target directory> . 


refsutil salvage -C <source volume> <working directory> <target directory> <options> 


Copy phase with list command line usage 


Copies all the files in the <file list> fromthe <source volume> to your <target directory> . The files in the 
<file list> must have first been identified by the Scan Phase, though the scan need not have been run to 
completion. The <file list> can be generated by copying foundfiles.<volume signature>.txt to anew file, 
removing lines referencing files that shouldn't be restored, and preserving files that should be restored. The 
PowerShell cmdlet Select-String may be helpful in filtering foundfiles.<volume signature>.txt to only include 
desired paths, extensions, or file names. 


refsutil salvage -SL <source volume> <working directory> <target directory> <file list> <options> 


Copy phase with interactive console 


Advanced users can salvage files using an interactive console. This mode also requires files generated from either 


of the Scan Phases. 


refsutil salvage -IC <source volume> <working directory> <options> 


Additional References 


e Command-Line Syntax Key 


reg commands 
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Performs operations on registry subkey information and values in registry entries. 


Some operations enable you to view or configure registry entries on local or remote computers, while others allow 
you to configure only local computers. Using reg to configure the registry of remote computers limits the 
parameters that you can use in some operations. Check the syntax and parameters for each operation to verify that 
they can be used on remote computers. 


Caution 

Don't edit the registry directly unless you have no alternative. The registry editor bypasses standard safeguards, 
allowing settings that can degrade performance, damage your system, or even require you to reinstall Windows. 
You can safely alter most registry settings by using the programs in Control Panel or Microsoft Management 
Console (MMC). If you must edit the registry directly, back it up first. 


Syntax 


reg add 

reg compare 
reg copy 
reg delete 
reg export 
reg import 
reg load 
reg query 
reg restore 
reg save 
reg unload 


Parameters 

PARAMETER DESCRIPTION 

reg add Adds a new subkey or entry to the registry. 

reg compare Compares specified registry subkeys or entries. 

reg copy Copies a registry entry to a specified location on the local or 
remote computer. 

reg delete Deletes a subkey or entries from the registry. 

reg export Copies the specified subkeys, entries, and values of the local 
computer into a file for transfer to other servers. 

reg import Copies the contents of a file that contains exported registry 
subkeys, entries, and values into the registry of the local 
computer. 

reg load Writes saved subkeys and entries into a different subkey in 


the registry. 


PARAMETER 


reg query 


reg restore 


reg save 


reg unload 


Additional References 


e Command-Line Syntax Key 


DESCRIPTION 


Returns a list of the next tier of subkeys and entries that are 
located under a specified subkey in the registry. 


Writes saved subkeys and entries back to the registry. 


Saves a copy of specified subkeys, entries, and values of the 
registry in a specified file. 


Removes a section of the registry that was loaded using the 
reg load operation. 


reg add 
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Adds a new subkey or entry to the registry. 


Syntax 


reg add <keyname> [(/v Valuename | /ve)] [/t datatype] [/s Separator] [/d Data] [/f] 


Parameters 
PARAMETER DESCRIPTION 
<keyname> Specifies the full path of the subkey or entry to be added. To 

specify a remote computer, include the computer name (in the 
format \\<computername>\ ) as part of the kKeyname. 
Omitting \\<computername>\ causes the operation to 
default to the local computer. The kKeyname must include a 
valid root key. Valid root keys for the local computer are: 
HKLM, HKCU, HKCR, HKU, and HKCC. If a remote computer 
is specified, valid root keys are: HKLM and HKU. If the 
registry key name contains a space, enclose the key name in 
quotes. 

NV <Valuename> Specifies the name of the add registry entry. 

/ve Specifies that the added registry entry has a null value. 

/t <Type> Specifies the type for the registry entry. Type must be one of 
the following: 
e REG_SZ 
e REG_MULTI_SZ 
e REG DWORD BIG ENDIAN 
e REG DWORD 
e REG BINARY 
e REG DWORD LITTLE ENDIAN 
e REG LINK 
e REG FULL RESOURCE DESCRIPTOR 
e REG EXPAND SZ 

/S <Separator> Specifies the character to be used to separate multiple 
instances of data when the REG MULTI SZ data type is 
specified and more than one entry is listed. If not specified, 
the default separator is NO. 

/d <Data> Specifies the data for the new registry entry. 

jf Adds the registry entry without prompting for confirmation. 


/? Displays help at the command prompt. 


Remarks 
e Subtrees can't be added with this operation. This version of reg doesn't ask for confirmation when adding a 


subkey. 


e The return values for the reg add operation are: 


VALUE DESCRIPTION 
0 Success 
1 Failure 


e For the REG_EXPAND_SZ key type, use the caret symbol ( Å ) with % inside the /d parameter. 


Examples 


To add the key HKLM\Software\MyCo on remote computer ABC, type: 
reg add \\ABC\HKLM\Software\MyCo 


To add a registry entry to HKLM\Software\MyCowith a value named Data, the type REG_B/NARY, and data of 
fe340ead, type: 


reg add HKLM\Software\MyCo /v Data /t REG_BINARY /d fe34@ead 


To add a multi-valued registry entry to HKLM\Software\MyCowith a value named MRU, the type REG_MULTI SZ, 
and data of fax\Omai/\0\0, type: 


reg add HKLM\Software\MyCo /v MRU /t REG MULTI SZ /d faxVØmailVØye 


To add an expanded registry entry to HKLM\Software\MyCowith a value named Path, the type REG_EXPAND_SZ, 
and data of %systemroot%, type: 


reg add HKLM\Software\MyCo /v Path /t REG_EXPAND_SZ /d “%systemroot*% 


Additional References 


e Command-Line Syntax Key 


reg compare 
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Compares specified registry subkeys or entries. 


Syntax 


reg compare <keynamel> <keyname2> [(/v Valuename | /ve)] [(/0a | /od | /os | on)] [/s] 


Parameters 


PARAMETER DESCRIPTION 


<keyname1> Specifies the full path of the subkey or entry to be added. To 
specify a remote computer, include the computer name (in the 
format \\<computername>\ ) as part of the kKeyname. 
Omitting \\<computername>\ causes the operation to 
default to the local computer. The kKeyname must include a 
valid root key. Valid root keys for the local computer are: 
HKLM, HKCU, HKCR, HKU, and HKCC. If a remote computer 
is specified, valid root keys are: HKLM and HKU. If the 
registry key name contains a space, enclose the key name in 
quotes. 


<keyname2> Specifies the full path of the second subkey to be compared. 
To specify a remote computer, include the computer name (in 
the format \\<computername>\ ) as part of the keyname. 
Omitting \\<computername>\ causes the operation to 
default to the local computer. Specifying only the computer 
name in keyname2 causes the operation to use the path to 
the subkey specified in keyname7. The keyname must include 
a valid root key. Valid root keys for the local computer are: 
HKLM, HKCU, HKCR, HKU, and HKCC. If a remote computer 
is specified, valid root keys are: HKLM and HKU. If the 
registry key name contains a space, enclose the key name in 
quotes. 


/N <Valuename> Specifies the value name to compare under the subkey. 


/ve Specifies that only entries that have a value name of null 
should be compared. 


/oa Specifies that all differences and matches are displayed. By 
default, only the differences are listed. 


/od Specifies that only differences are displayed. This is the default 
behavior. 


/os Specifies that only matches are displayed. By default, only the 
differences are listed. 


PARAMETER 


/on 


/s 


P? 


Remarks 


e The return values for the reg compare operation are: 


VALUE 


e The symbols displayed in the results, include: 


SYMBOL 


Examples 


DESCRIPTION 


Specifies that nothing is displayed. By default, only the 
differences are listed. 


Compares all subkeys and entries recursively. 


Displays help at the command prompt. 


DESCRIPTION 


The comparison is successful and the result is identical. 


The comparison failed. 


The comparison was successful and differences were 
found. 


DESCRIPTION 


KeyNameT data is equal to KeyName? data. 


KeyNameT data is less than KeyName? data. 


KeyNameT data is greater than KeyName? data. 


To compare all values under the key MyApp with all values under the key SaveMyApp, type: 


reg compare HKLM\Software\MyCo\MyApp HKLM\Software\MyCo\SaveMyApp 


To compare the value for the Version under the key MyCo and the value for the Version under the key MyCo1, 


type: 


reg compare HKLM\Software\MyCo HKLM\Software\MyCo1 /v Version 


To compare all subkeys and values under HKLM\Software\MyCo on the computer named ZODIAC, with all subkeys 


and values under HKLM\Software\MyCo on the local computer, type: 


reg compare \\ZODIAC\HKLM\Software\MyCo \\. /s 


Additional References 


e Command-Line Syntax Key 


groe 
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Copies a registry entry to a specified location on the local or remote computer. 


Syntax 


reg copy <keynamel> <keyname2> [/s] [/f] 


Parameters 


PARAMETER DESCRIPTION 


<keyname1> Specifies the full path of the subkey or entry to be added. To 
specify a remote computer, include the computer name (in the 
format \\<computername>\ ) as part of the kKeyname. 
Omitting \\<computername>\ causes the operation to 
default to the local computer. The kKeyname must include a 
valid root key. Valid root keys for the local computer are: 
HKLM, HKCU, HKCR, HKU, and HKCC. If a remote computer 
is specified, valid root keys are: HKLM and HKU. If the 
registry key name contains a space, enclose the key name in 
quotes. 


<keyname2> Specifies the full path of the second subkey to be compared. 
To specify a remote computer, include the computer name (in 
the format \\<computername>\ ) as part of the keyname. 
Omitting \\<computername>\ causes the operation to 
default to the local computer. The kKeyname must include a 
valid root key. Valid root keys for the local computer are: 
HKLM, HKCU, HKCR, HKU, and HKCC. If a remote computer 
is specified, valid root keys are: HKLM and HKU. If the 
registry key name contains a space, enclose the key name in 
quotes. 


/s Copies all subkeys and entries under the specified subkey. 
/f Copies the subkey without prompting for confirmation. 


/? Displays help at the command prompt. 


Remarks 


e This command doesn't ask for confirmation when copying a subkey. 


e The return values for the reg compare operation are: 
VALUE DESCRIPTION 
0 Success 


1 Failure 


Examples 


To copy all subkeys and values under the key MyApp to the key SaveMyApp, type: 
reg copy HKLM\Software\MyCo\MyApp HKLM\Software\MyCo\SaveMyApp /s 


To copy all values under the key MyCo on the computer named ZODIAC to the key MyCo1 on the current 


computer, type: 


reg copy \\ZODIAC\HKLM\Software\MyCo HKLM\Software\MyCo1 


Additional References 


e Command-Line Syntax Key 


reg delete 
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Deletes a subkey or entries from the registry. 


Syntax 


reg delete <keyname> [(/v Valuename | /ve | /va)] [/f] 


Parameters 


PARAMETER 


<keyname1> 


IV. <Valuename> 
/ve 

jva 

/t 

n 


Remarks 


e The return values for the reg delete operation are: 


VALUE 


Examples 


DESCRIPTION 


Specifies the full path of the subkey or entry to be added. To 
specify a remote computer, include the computer name (in the 
format \\<computername>\ ) as part of the keyname. 
Omitting \\<computername>\ causes the operation to 
default to the local computer. The kKeyname must include a 
valid root key. Valid root keys for the local computer are: 
HKLM, HKCU, HKCR, HKU, and HKCC. If a remote computer 
is specified, valid root keys are: HKLM and HKU. If the 
registry key name contains a space, enclose the key name in 
quotes. 


Deletes a specific entry under the subkey. If no entry is 
specified, then all entries and subkeys under the subkey will 
be deleted. 


Specifies that only entries that have no value will be deleted. 


Deletes all entries under the specified subkey. Subkeys under 
the specified subkey are not deleted. 


Deletes the existing registry subkey or entry without asking 
for confirmation. 


Displays help at the command prompt. 


DESCRIPTION 


Success 


Failure 


To delete the registry key Timeout and its all subkeys and values, type: 


reg delete HKLM\Software\MyCo\MyApp\Timeout 


To delete the registry value MTU under HKLM\Software\MyCo on the computer named ZODIAC, type: 


reg delete \\ZODIAC\HKLM\Software\MyCo /v MTU 


Additional References 


e Command-Line Syntax Key 


reg export 
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Copies the specified subkeys, entries, and values of the local computer into a file for transfer to other servers. 


Syntax 


reg export <keyname> <filename> [/y] 


Parameters 


PARAMETER 


<keyname> 


<filename> 
/y 


R 


Remarks 


e The return values for the reg export operation are: 


VALUE 


Examples 


DESCRIPTION 


Specifies the full path of the subkey. The export operation only 
works with the local computer. The keyname must include a 
valid root key. Valid root keys for the local computer are: 
HKLM, HKCU, HKCR, HKU, and HKCC. If the registry key 
name contains a space, enclose the key name in quotes. 


Specifies the name and path of the file to be created during 
the operation. The file must have a .reg extension. 


Overwrites any existing file with the name filename without 
prompting for confirmation. 


Displays help at the command prompt. 


DESCRIPTION 


Success 


Failure 


To export the contents of all subkeys and values of the key MyApp to the file AppBkUp.reg, type: 


reg export HKLM\Software\MyCo\MyApp AppBkUp.reg 


Additional References 


e Command-Line Syntax Key 


reg import 
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Copies the contents of a file that contains exported registry subkeys, entries, and values into the registry of the 


local computer. 


Syntax 


reg import <filename> 


Parameters 


PARAMETER 


<filename> 


R 


Remarks 


e The return values for the reg import operation are: 


VALUE 


Examples 


DESCRIPTION 


Specifies the name and path of the file that has content to be 
copied into the registry of the local computer. This file must be 
created in advance by using reg export. 


Displays help at the command prompt. 


DESCRIPTION 


Success 


Failure 


To import registry entries from the file named AppBkUp.reg, type: 


reg import AppBkUp.reg 


Additional References 
e Command-Line Syntax Key 


e reg export command 


reg load 
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Writes saved subkeys and entries into a different subkey in the registry. This command is intended for use with 


temporary files that are used for troubleshooting or editing registry entries. 


Syntax 


reg load <keyname> <filename> 


Parameters 


PARAMETER 


<keyname> 


<filename> 


R 


Remarks 


e The return values for the reg load operation are: 


VALUE 


Examples 


DESCRIPTION 


Specifies the full path of the subkey to be loaded. To specify a 
remote computer, include the computer name (in the format 

\\<computername>\ ) as part of the keyname Omitting 

\\<computername>\ causes the operation to default to the 
local computer. The keyname must include a valid root key. 
Valid root keys for the local computer are: HKLM, HKCU, 
HKCR, HKU, and HKCC. If a remote computer is specified, 
valid root keys are: HKLM and HKU. If the registry key name 
contains a space, enclose the key name in quotes. 


Specifies the name and path of the file to be loaded. This file 
must be created in advance by using the reg save command, 
and must have a -hiv extension. 


Displays help at the command prompt. 


DESCRIPTION 


Success 


Failure 


To load the file named TempHive.hiv to the key HKLM\TempHive, type: 


reg load HKLM\TempHive TempHive.hiv 


Additional References 
e Command-Line Syntax Key 


è reg save command 


reg query 
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Returns a list of the next tier of subkeys and entries that are located under a specified subkey in the registry. 


Syntax 


reg query <keyname> [{/v <Valuename> | /ve}] [/s] [/se <separator>] [/f <data>] [{/k | /d}] [/c] [/e] [/t 
<Type>] [/z] 


Parameters 
PARAMETER DESCRIPTION 
<keyname> Specifies the full path of the subkey. To specify a remote 

computer, include the computer name (in the format 
\\<computername>\ ) as part of the keyname. Omitting 
\\<computername>\ causes the operation to default to the 

local computer. The kKeyname must include a valid root key. 

Valid root keys for the local computer are: HKLM, HKCU, 

HKCR, HKU, and HKCC. If a remote computer is specified, 

valid root keys are: HKLM and HKU. If the registry key name 

contains a space, enclose the key name in quotes. 

/N <Valuename> Specifies the registry value name that is to be queried. If 
omitted, all value names for keyname are returned. 
Valuename for this parameter is optional if the /f option is 
also used. 

/ve Runs a query for value names that are empty. 

/s Specifies to query all subkeys and value names recursively. 

/se <separator> Specifies the single value separator to search for in the value 
name type REG_MULTI_SZ. If separator isn't specified, \O is 
used. 

/f <data> Specifies the data or pattern to search for. Use double quotes 
if a string contains spaces. If not specified, a wildcard (*) is 
used as the search pattern. 

/k Specifies to search in key names only. 

/d Specifies to search in data only. 

/c Specifies that the query is case sensitive. By default, queries 
are not case sensitive. 

/e Specifies to return only exact matches. By default, all the 


matches are returned. 


PARAMETER 


/t <Type> 


/Z 


P? 


Remarks 


e The return values for the reg query operation are: 


VALUE 


Examples 


DESCRIPTION 


Specifies registry types to search. Valid types are: REG_SZ, 
REG MULTI SZ, REG EXPAND SZ, REG DWORD, 
REG BINARY, REG NONE. If not specified, all types are 
searched. 


Specifies to indude the numeric equivalent for the registry 
type in search results. 


Displays help at the command prompt. 


DESCRIPTION 


Success 


Failure 


To display the value of the name value Version in the HKLM\Software\Microsoft\ResKit key, type: 


reg query HKLM\Software\Microsoft\ReskKit /v Version 


To display all subkeys and values under the key HKLM\Software\Microsoft\ResKit\Nt\Setup on a remote computer 


named ABC, type: 


reg query \\ABC\HKLM\Software\Microsoft\ResKit\Nt\Setup /s 


To display all the subkeys and values of the type REG_MULTI_SZ using # as the separator, type: 


reg query HKLM\Software\Microsoft\ResKit\Nt\Setup /se # 


To display the key, value, and data for exact and case sensitive matches of SYSTEM under the HKLM root of data 


type REG_SZ, type: 


reg query HKLM /f SYSTEM /t REG_SZ /c /e 


To display the key, value, and data that match OF in the data under the HKCU root key of data type REG_BINARY, 


type: 


reg query HKCU /f @F /d /t REG BINARY 


To display the value and data for value names of null (default) under HKLM\SOFTWARE, type: 


reg query HKLM\SOFTWARE /ve 


Additional References 


e Command-Line Syntax Key 


reg restore 
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Writes saved subkeys and entries back to the registry. 


Syntax 


reg restore <keyname> <filename> 


Parameters 
PARAMETER DESCRIPTION 
<keyname> Specifies the full path of the subkey to be restored. The 
restore operation only works with the local computer. The 
keyname must include a valid root key. Valid root keys for the 
local computer are: HKLM, HKCU, HKCR, HKU, and HKCC. If 
the registry key name contains a space, enclose the key name 
in quotes. 
<filename> Specifies the name and path of the file with content to be 
written into the registry. This file must be created in advance 
by using the reg save command, and must have a .hiv 
extension. 
R Displays help at the command prompt. 
Remarks 


e Before editing any registry entries, you must save the parent subkey using the reg save command. If the 
edit fails, you can then restore the original subkey using the reg restore operation. 


e The return values for the reg restore operation are: 


VALUE DESCRIPTION 

0 Success 

1 Failure 
Examples 


To restore the file named NTRKBkUp.hiv into the key HKLM\Software\Microsoft\ResKit, and overwrite the existing 
contents of the key, type: 


reg restore HKLM\Software\Microsoft\ResKit NTRKBkUp.hiv 


Additional References 


e Command-Line Syntax Key 


@ reg save command 


reg save 
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Saves a copy of specified subkeys, entries, and values of the registry in a specified file. 


Syntax 


reg save <keyname> <filename> [/y] 


Parameters 
PARAMETER DESCRIPTION 
<keyname> Specifies the full path of the subkey. To specify a remote 
computer, include the computer name (in the format 
\\<computername>\ ) as part of the keyname. Omitting 
\\<computername>\ causes the operation to default to the 
local computer. The keyname must include a valid root key. 
Valid root keys for the local computer are: HKLM, HKCU, 
HKCR, HKU, and HKCC. If a remote computer is specified, 
valid root keys are: HKLM and HKU. If the registry key name 
contains a space, enclose the key name in quotes. 
<filename> Specifies the name and path of the created file. If no path is 
specified, the current path is used. 
/y Overwrites an existing file with the name filename without 
prompting for confirmation. 
/? Displays help at the command prompt. 
Remarks 


e Before editing any registry entries, you must save the parent subkey using the reg save command. If the 
edit fails, you can then restore the original subkey using the reg restore operation. 


e The return values for the reg save operation are: 


VALUE DESCRIPTION 

0 Success 

1 Failure 
Examples 


To save the hive MyApp into the current folder as a file named AppBkUp.hiv, type: 


reg save HKLM\Software\MyCo\MyApp AppBkUp.hiv 


Additional References 


e Command-Line Syntax Key 


e reg restore command 


reg unload 
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Removes a section of the registry that was loaded using the reg load operation. 


Syntax 


reg unload <keyname> 


Parameters 


PARAMETER 


<keyname> 


Pp 


Remarks 


e The return values for the reg unload operation are: 


VALUE 


Examples 


To unload the hive TempHive in the file HKLM, type: 


reg unload HKLM\TempHive 


Caution 


DESCRIPTION 


Specifies the full path of the subkey. To specify a remote 
computer, include the computer name (in the format 

\\<computername>\ ) as part of the keyname Omitting 

\\<computername>\ causes the operation to default to the 
local computer. The kKeyname must include a valid root key. 
Valid root keys for the local computer are: HKLM, HKCU, 
HKCR, HKU, and HKCC. If a remote computer is specified, 
valid root keys are: HKLM and HKU. If the registry key name 
contains a space, enclose the key name in quotes. 


Displays help at the command prompt. 


DESCRIPTION 


Success 


Failure 


Don't edit the registry directly unless you have no alternative. The registry editor bypasses standard safeguards, 


allowing settings that can degrade performance, damage your system, or even require you to reinstall Windows. 


You can safely alter most registry settings by using the programs in Control Panel or Microsoft Management 


Console (MMC). If you must edit the registry directly, back it up first. 


Additional References 


e Command-Line Syntax Key 


e reg load command 


regini 
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Modifies the registry from the command line or a script, and applies changes that were preset in one or more text 


files. You can create, modify, or delete registry keys, in addition to modifying the permissions on the registry keys. 


For details on the format and content of the text script file that regini.exe uses to make changes to the registry, see 


How to change registry values or permissions from a command line or a script. 


Syntax 


regini [-m \\machinename | -h hivefile hiveroot][-i n] [-o outputwidth][-b] textfiles... 
Parameters 
PARAMETER DESCRIPTION 


-Mm <\\computername> 


-h <hivefile hiveroot> 


-i <n> 


-O <outputwidth> 


textfiles 


Remarks 


Specifies the remote computer name with a registry that is to 
be modified. Use the format \ComputerName. 


Specifies the local registry hive to modify. You must specify the 
name of the hive file and the root of the hive in the format 
hivefile hiveroot. 


Specifies the level of indentation to use to indicate the tree 
structure of registry keys in the command output. The 
regdmp.exe tool (which gets a registry key's current 
permissions in binary format) uses indentation in multiples of 
four, so the default value is 4. 


Specifies the width of the command output, in characters. If 
the output will appear in the command window, the default 
value is the width of the window. If the output is directed to a 
file, the default value is 240 characters. 


Specifies that regini.exe output is backward compatible with 
previous versions of regini.exe. 


Specifies the name of one or more text files that contain 
registry data. Any number of ANSI or Unicode text files can be 
listed. 


The following guidelines apply primarily to the content of the text files that contain registry data that you apply by 


using regini.exe. 


e Use the semicolon as an end-of-line comment character. It must be the first non-blank character in a line. 


e Use the backslash to indicate continuation of a line. The command will ignore all characters from the 


backslash up to (but not including) the first non-blank character of the next line. If you include more than 
one space before the backslash, it is replaced by a single space. 


e Use hard-tab characters to control indentation. This indentation indicates the tree structure of the registry 


keys; however, these characters are converted to a single space regardless of their position. 


Additional References 


e Command-Line Syntax Key 


regsvr32 
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Registers .dll files as command components in the registry. 


Syntax 


regsvr32 [/u] [/s] [/n] [/i[:cmdline]] <Dliname> 


Parameters 

PARAMETER DESCRIPTION 

/u Unregisters server. 

/s Prevents displaying messages. 

/n Prevents calling DIlRegisterServer. This parameter requires 
you to also use the /i parameter. 

/i: <cmdline> Passes an optional command-line string (cmdline) to 
Dillnstall. If you use this parameter with the /u parameter, it 
calls DIIUninstall. 

<D11name> The name of the .dll file that will be registered. 
/? Displays help at the command prompt. 
Examples 


To register the .dll for the Active Directory Schema, type: 


regsvr32 schmmgmt.dll 


Additional References 


e Command-Line Syntax Key 


relog 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Extracts performance counters from performance counter logs into other formats, such as text-TSV (for tab- 
delimited text), text-CSV (for comma-delimited text), binary-BIN, or SQL. 





NOTE 


For more information about incorporating relog into your Windows Management Instrumentation (WMI) scripts, see the 
Scripting blog. 





Syntax 


relog [<filename> [<filename> ...]] [/a] [/c <path> [<path> ...]] [/cf <filename>] [/f {bin|csv|tsv|SQL}] [/t 
<value>] [/o {outputfile|DSN!CounterLog}] [/b <M/D/YYYY> [[<HH>:] <MM>:] <SS>] [/e <M/D/YYYY> [[<HH>:] <MM>:] 
<SS>] [/config {<filename>|i}] [/q] 


Parameters 


PARAMETER DESCRIPTION 


filename [filename ...] Specifies the pathname of an existing performance counter 
log. You can specify multiple input files. 


-a Appends output file instead of overwriting. This option does 
not apply to SQL format where the default is always to 
append. 


-C path [path ...] Specifies the performance counter path to log. To specify 
multiple counter paths, separate them with a space and 
enclose the counter paths in quotation marks (for example, 

"path1 path2" ). 


-cf filename Specifies the pathname of the text file that lists the 
performance counters to be included in a relog file. Use this 
option to list counter paths in an input file, one per line. 
Default setting is all counters in the original log file are 
relogged. 


-f {bin | csv | tsv | SQL} Specifies the pathname of the output file format. The default 
format is bin. For a SQL database, the output file specifies the 
DSN!CounterLog . You can specify the database location by 
using the ODBC manager to configure the DSN (Database 
System Name). 


-t value Specifies sample intervals in n records. Includes every nth data 
point in the relog file. Default is every data point. 


PARAMETER DESCRIPTION 


-O {Outputfile | SQL:DSN!Counter Log) Specifies the pathname of the output file or SQL database 
where the counters will be written. 


Note: For the 64-bit and 32-bit versions of relog.exe, you 
must define a DSN in the ODBC Data Source (64-bit and 
32-bit respectively) on the system. Use the "SQL Server" 
ODBC driver to define a DSN. 


-b <M/D/YYYY> [[<HH>:]<MM>:]<SS>] Specifies the beginning time to copy the first record from the 
input file. Date and time must be in this exact format 
M/D/YYYYHH:MM:SS. 


-e€ <M/D/YYYY> [[<HH>:]<MM>:]<SS>] Specifies the end time to copy the last record from the input 
file. Date and time must be in this exact format 
M/D/YYYYHH:MM:SS. 


-config (filename | i) Specifies the pathname of the settings file that contains 
command-line parameters. If you're using a configuration file, 
you can use -i as a placeholder for a list of input files that can 
be placed on the command line. If you're using the command 
line, don't use -i. You can also use wildcards, such as *.blg 
to specify several input file names at once. 


-q Displays the performance counters and time ranges of log files 
specified in the input file. 


-y Bypasses prompting by answering "yes" to all questions. 
R Displays help at the command prompt. 
Remarks 


The general format for counter paths is as follows: 
[\<computer>] \<object>[<parent>\<instance#index>] \<counter>] where the parent, instance, index, and 
counter components of the format may contain either a valid name or a wildcard character. The computer, 


parent, instance, and index components aren't necessary for all counters. 


You determine the counter paths to use based on the counter itself. For example, the LogicalDisk object has 
an instance <index> ,so you must provide the <#index> or a wildcard. Therefore, you could use the 


following format: \LogicalDisk(*/*#*)\\* . 


In comparison, the Process object doesn't require an instance <index> . Therefore, you can use the 


following format: \Process(*)\ID Process . 


If a wildcard character is specified in the Parent name, all instances of the specified object that match the 
specified instance and counter fields will be returned. 


If a wildcard character is specified in the Instance name, all instances of the specified object and parent 
object will be returned if all instance names corresponding to the specified index match the wildcard 
character. 


If a wildcard character is specified in the Counter name, all counters of the specified object are returned. 
Partial counter path string matches (for example, pro*) aren't supported. 


Counter files are text files that list one or more of the performance counters in the existing log. Copy the full 
counter name from the log or the /q output in <computer>\<object>\<instance>\<counter> format. List one 


counter path on each line. 


e When run, the relog command copies specified counters from every record in the input file, converting the 
format if necessary. Wildcard paths are allowed in the counter file. 


e Usethe/t parameter to specify that input files are inserted into output files at intervals of every nth 


record. By default, data is relogged from every record. 


e You can specify that your output logs include records from before the beginning time (that is, /b) to provide 
data for counters that require computation values of the formatted value. The output file will have the last 
records from input files with timestamps less than the /e (that is, end time) parameter. 


e The contents of the setting file used with the /config option should have the following format: 
<commandoption>\<value> , where <commandoption> is a command line option and <value> specifies its value. 


##Q# Examples 


To resample existing trace logs at fixed intervals of 30, list counter paths, output files, and formats, type: 
relog c:\perflogs\daily_trace_log.blg /cf counter_file.txt /o c:\perflogs\reduced_log.csv /t 30 /f csv 
To resample existing trace logs at fixed intervals of 30, list counter paths, and output file, type: 
relog c:\perflogs\daily_trace_log.blg /cf counter_file.txt /o c:\perflogs\reduced_log.blg /t 30 
To resample existing trace logs into a database, type: 


relog "c:\perflogs\daily_trace_log.blg" -f sql -o "SQL:sq12016x64odbc ! counter_log" 


Additional References 


e Command-Line Syntax Key 


rem 
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Records comments in a script, batch, or config.sys file. If no comment is specified, rem adds vertical spacing. 


Syntax 


rem [<comment>] 


Parameters 
PARAMETER DESCRIPTION 
«comment > Specifies a string of characters to include as a comment. 
/? Displays help at the command prompt. 
Remarks 


e Therem command doesn't display comments on the screen. To display comments on the screen, you must 
include the echo on command in your file. 


e You can't use a redirection character (< or >) or pipe( | ) in a batch file comment. 


e Although you can use rem without a comment to add vertical spacing to a batch file, you can also use blank 
lines. Blank lines are ignored when a batch program is processed. 


Examples 


To add vertical spacing through batch file comments, type: 


@echo off 

rem This batch program formats and checks new disks. 
rem It is named Checknew.bat. 

rem 

rem echo Insert new disk in Drive B. 

pause 

format b: /v chkdsk b: 


To include an explanatory comment before the prompt command in a config.sys file, type: 


rem Set prompt to indicate current directory 
prompt $p$g 


To provide a comment about what a script does, type: 


rem The commands in this script set up 3 drives. 

rem The first drive is a primary partition and is 
rem assigned the letter D. The second and third drives 
rem are logical partitions, and are assigned letters 
rem E and F. 

create partition primary size=2048 

assign d: 

create partition extended 

create partition logical size=2048 

assign e: 

create partition logical 

assign f: 


Additional References 


e Command-Line Syntax Key 


remove 
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Removes a drive letter or mount point from the volume with focus. If the all parameter is used, all current drive 


letters and mount points are removed. If no drive letter or mount point is specified, then DiskPart removes the first 


drive letter or mount point it encounters. 


The remove command can also be used to change the drive letter associated with a removable drive. You can't 


remove the drive letters on system, boot, or paging volumes. In addition, you can't remove the drive letter for an 


OEM partition, any GPT partition with an unrecognized GUID, or any of the special, non-data, GPT partitions such 


as the EFI system partition. 


NOTE 


A volume must be selected for the remove command to succeed. Use the select volume command to select a disk and shift 


the focus to it. 


Syntax 


remove [{letter=<drive> | mount=<path> [all]}] [noerr] 


Parameters 
PARAMETER 
letter= <drive> 
mount= <path> 
all 


noerr 


Examples 


To remove the di drive, type: 


remove letter=d 


Additional References 


e Command-Line Syntax Key 





DESCRIPTION 


The drive letter to remove. 


The mount point path to remove. 


Removes all current drive letters and mount points. 


For scripting only. When an error is encountered, DiskPart 
continues to process commands as if the error did not occur. 
Without this parameter, an error causes DiskPart to exit with 
an error code. 


ren 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Renames files or directories. 





NOTE 


This command is the same as the rename command. 





Syntax 


ren [<drive>:][<path>]<filename1> <filename2> 


Parameters 
PARAMETER DESCRIPTION 
[<drive>:][<path>]<filename1> Specifies the location and name of the file or set of files you 
want to rename. Filename? can include wildcard characters (* 
and ?). 
<filename2> Specifies the new name for the file. You can use wildcard 
characters to specify new names for multiple files. 
/? Displays help at the command prompt. 
Remarks 


e You can't specify a new drive or path when renaming files. You also can't use this command to rename files 
across drives or to move files to a different directory. 


e Characters represented by wildcard characters in fi/ename2 will be identical to the corresponding characters 


in filename. 


e Filename2 must be a unique file name. If filename? matches an existing file name, the following message 


appears: Duplicate file name or file not found. 


Examples 


To change all the .txt file name extensions in the current directory to .doc extensions, type: 


ren * txt *,doc 


To change the name of a directory from Chap70 to Part70, type: 


ren chap1@ part19 


Additional References 
e Command-Line Syntax Key 


e rename command 


rename 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Renames files or directories. 





NOTE 


This command is the same as the ren command. 





Syntax 


rename [<drive>:][<path>]<filename1> <filename2> 


Parameters 
PARAMETER DESCRIPTION 
[<drive>:][<path>]<filename1> Specifies the location and name of the file or set of files you 
want to rename. Filename1 can include wildcard characters (* 
and ?). 
<filename2> Specifies the new name for the file. You can use wildcard 
characters to specify new names for multiple files. 
/? Displays help at the command prompt. 
Remarks 


e You can't specify a new drive or path when renaming files. You also can't use this command to rename files 
across drives or to move files to a different directory. 


e Characters represented by wildcard characters in filename2 will be identical to the corresponding 


characters in filenameT. 


e Filename? must be a unique file name. If filename? matches an existing file name, the following message 


appears: Duplicate file name or file not found. 


Examples 


To change all the .txt file name extensions in the current directory to .doc extensions, type: 


rename *.txt *.doc 


To change the name of a directory from Chap70 to Part70, type: 


rename chap1@ part10 


Additional References 
e Command-Line Syntax Key 


e ren command 


repair 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Repairs the RAID-5 volume with focus by replacing the failed disk region with the specified dynamic disk. 


A volume in a RAID-5 array must be selected for this operation to succeed. Use the select volume command to 
select a volume and shift the focus to it. 


Syntax 


repair disk=<n> [align=<n>] [noerr] 


Parameters 
PARAMETER DESCRIPTION 
disk= <n> Specifies the dynamic disk that will replace the failed disk 
region. Where n must have free space greater than or equal 
to the total size of the failed disk region in the RAID-5 
volume. 
align= <n> Aligns all volume or partition extents to the closest alignment 
boundary. Where n is the number of kilobytes (KB) from the 
beginning of the disk to the closest alignment boundary. 
noerr for scripting only. When an error is encountered, DiskPart 
continues to process commands as if the error didn't occur. 
Without this parameter, an error causes DiskPart to exit with 
an error code. 
Examples 


To replace the volume with focus by replacing it with dynamic disk 4, type: 


repair disk=4 


Additional References 
e Command-Line Syntax Key 


e select volume command 


repair-bde 
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Attempts to reconstruct critical parts of a severely damaged drive and salvage recoverable data if the drive was 
encrypted by using BitLocker and if it has a valid recovery password or recovery key for decryption. 





IMPORTANT 


If the BitLocker metadata data on the drive is corrupt, you must be able to supply a backup key package in addition to the 
recovery password or recovery key. If you used the default key back up setting for Active Directory Domain Services, your 
key package is backed up there. You can use the BitLocker: Use BitLocker Recovery Password Viewer to obtain the key 
package from AD DS. 


Using the key package and either the recovery password or recovery key, you can decrypt portions of a BitLocker-protected 
drive, even if the disk is corrupted. Each key package works only for a drive with the corresponding drive identifier. 





Syntax 


repair-bde <inputvolume> <outputvolumeorimage> [-rk] [-rp] [-pw] [-kp] [-1f] [-] [{-?|/?}] 





WARNING 


The contents of the output volume will be completely deleted and overwritten by the decrypted contents from the 
damaged BitLocker drive. If you want to save any existing data on the selected target drive, move the existing data to other 
reliable backup media first, before running the repair-bde command. 





Parameters 


PARAMETER DESCRIPTION 


<inputvolume> Identifies the drive letter of the BitLocker-encrypted drive that 
you want to repair. The drive letter must include a colon; for 
example: C:. If the path to a key package isn't specified, this 
command searches the drive for a key package. In the event 
that the hard drive is damaged, this command might not be 
able to find the package and will prompt you to provide the 
path. 


<outputvolumeorimage> Identifies the drive on which to store the content of the 
repaired drive. All information on the output drive will be 
overwritten. 


-rk Identifies the location of the recovery key that should be used 
to unlock the volume. This command can also be specified as - 
recoverykey. 


-rp Identifies the numerical recovery password that should be 
used to unlock the volume. This command can also be 
specified as -recoverypassword. 


PARAMETER DESCRIPTION 


-pw Identifies the password that should be used to unlock the 
volume. This command can also be specified as -password 


-kp Identifies the recovery key package that can be used to unlock 
the volume. This command can also be specified as - 
keypackage. 

-If Specifies the path to the file that will store Repair-bde error, 


warning, and information messages. This command may also 
be specified as -logfile. 


-f Forces a volume to be dismounted even if it cannot be locked. 
This command can also be specified as -force. 


-? or /? Displays Help at the command prompt. 


Limitations 
The following limitations exist for the this command: 


e This command can't repair a drive that failed during the encryption or decryption process. 


e This command assumes that if the drive has any encryption, then the drive has been fully encrypted. 


Examples 


To attempt to repair drive C:, to write the content from drive C: to drive D: using the recovery key file 
(RecoveryKey.bek) stored on drive F:, and to write the results of this attempt to the log file (log.txt) on drive Z;, type: 


repair-bde C: D: -rk F:\RecoveryKey.bek -l1f Z:\log.txt 


To attempt to repair drive C: and to write the content from drive C: to drive D: using the 48-digit recovery password 
specified, type: 


repair-bde C: D: -rp 111111-222222-333333-444444-555555-666666-777777 -888888 





NOTE 


The recovery password should be typed in eight blocks of six digits with a hyphen separating each block. 





To force drive C: to dismount, attempt to repair drive C:, and then to write the content from drive C: to drive D: 
using the recovery key package and recovery key file (RecoveryKey.bek) stored on drive F:, type: 


repair-bde C: D: -kp F:\RecoveryKeyPackage -rk F:\RecoveryKey.bek -f 


To attempt to repair drive C: and to write the content from drive C: to drive D:, where you must type a password to 
unlock drive C: (when prompted), type: 


repair-bde C: D: -pw 


Additional References 


e Command-Line Syntax Key 


replace 


11/2/2020 * 2 minutes to read * Edit Online 





Replace existing files in a directory. If used with the /a option, this command adds new files to a directory instead 
of replacing existing files. 


Syntax 


replace [<drive1>:][<path1>]<filename> [<drive2>:][<path2>] [/a] [/p] [/r] [/w] 
replace [<drive1>:][<path1>]<filename> [<drive2>:][<path2>] [/p] [/r] [/s] [/w] [/u] 


Parameters 


PARAMETER DESCRIPTION 


[<drive1>:][<path1>]<filename> Specifies the location and name of the source file or set of files. 
The filename option is required, and can include wildcard 
characters (* and ?). 


[<drive2>:][<path2>] Specifies the location of the destination file. You can't specify a 
file name for files you replace. If you don't specify a drive or 
path, this command uses the current drive and directory as 
the destination. 


/a Adds new files to the destination directory instead of replacing 
existing files. You can't use this command-line option with the 
/s or /u command-line option. 


/p Prompts you for confirmation before replacing a destination 
file or adding a source file. 


fr Replaces Read-only and unprotected files. If you attempt to 
replace a Read-only file, but you don't specify /r, an error 
results and stops the replacement operation. 


/w Waits for you to insert a disk before the search for source files 
begins. If you don't specify /w, this command begins replacing 
or adding files immediately after you press ENTER. 


/s Searches all subdirectories in the destination directory and 
replaces matching files. You can't use /s with the /a 
command-line option. The command doesn't search 
subdirectories that are specified in Path7. 


/u Replaces only those files on the destination directory that are 
older than those in the source directory. You can't use /u with 
the /a command-line option. 


/? Displays help at the command prompt. 


Remarks 


e As this command adds or replaces files, the file names appear on the screen. After this command is done, a 


summary line is displayed in one of the following formats: 


nnn files added 
nnn files replaced 
no file added 

no file replaced 


e If you're using floppy disks and you need to switch disks while running this command, you can specify the 
/w command-line option so that this command waits for you to switch the disks. 


e You can't use this command to update hidden files or system files. 


e The following table shows each exit code and a brief description of its meaning: 


EXIT CODE DESCRIPTION 

0 This command successfully replaced or added the files. 

1 This command encountered an incorrect version of MS- 
DOS. 

2 This command couldn't find the source files. 

3 This command couldn't find the source or destination 
path. 

5 The user doesn't have access to the files that you want to 
replace. 

8 There is insufficient system memory to carry out the 
command. 

11 The user used the wrong syntax on the command line. 


NOTE 


You can use the ERRORLEVEL parameter on the if command line in a batch program to process exit codes that are returned 
by this command. 





Examples 


To update all the versions of a file named Phones.c/i (which appear in multiple directories on drive C:), with the 
latest version of the Phones.cli file from a floppy disk in drive A; type: 


replace a:\phones.cli c:\ /s 


Additional References 


e Command-Line Syntax Key 


rescan 
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Using the diskpart command interpreter, you can locate new disks added to your computer. 


Syntax 





rescan 





Additional References 
e Command-Line Syntax Key 


e Diskpart command 


Keen 
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Resets DiskShadow.exe to the default state. This command is especially useful in separating compound 
DiskShadow operations, such as create, import, backup, or restore. 


[IMPORTANT After you run this command, you will lose state information from commands, such as add, set, 
load, or writer. This command also releases IVssBackupComponent interfaces and loses non-persistent 
shadow copies. 


Syntax 


reset 


Additional References 


e Command-Line Syntax Key 
e create command 

e import command 

e backup command 

e restore command 

e add command 

e set command 

e load command 


e writer command 


reset session 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 


Enables you to reset (delete) a session on a Remote Desktop Session Host server. You should reset a session only 


when it malfunctions or appears to have stopped responding. 


NOTE 


To find out what's new in the latest version, see What's New in Remote Desktop Services in Windows Server. 


Syntax 





reset session {<sessionname> | <sessionID>} [/server:<servername>] [/v] 


Parameters 


PARAMETER 


<sessionname> 


<sessionID> 


/server: <servername> 


IV 


fi 


Remarks 


DESCRIPTION 


Specifies the name of the session that you want to reset. To 
determine the name of the session, use the query session 
command. 


Specifies the ID of the session to reset. 


Specifies the terminal server containing the session that you 
want to reset. Otherwise, it uses the current Remote Desktop 
Session Host server. This parameter is required only if you use 
this command from a remote server. 


Displays information about the actions being performed. 


Displays help at the command prompt. 


e You can always reset your own sessions, but you must have Full Control access permission to reset another 


user's session. Be aware that resetting a user's session without warning the user can result in the loss of data at 


the session. 


Examples 


To reset the session designated rap-tcp#6, type: 


reset session rdp-tcp#6 


To reset the session that uses session /D 3, type: 


reset session 3 


Additional References 


e Command-Line Syntax Key 


e Remote Desktop Services Command Reference 


retain 
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Prepares an existing simple dynamic volume for use as a boot or system volume. If you use a master boot record 
(MBR) dynamic disk, this command creates a partition entry in the master boot record. If you use a GUID partition 
table (GPT) dynamic disk, this command creates a partition entry in the GUID partition table. 


Syntax 


retain 


Additional References 





e Command-Line Syntax Key 


revert 
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Reverts a volume back to a specified shadow copy. This is supported only for shadow copies in the 
CLIENTACCESSIBLE context. These shadow copies are persistent and can only be made by the system provider. If 
used without parameters, revert displays help at the command prompt. 


Syntax 


revert <shadowcopyID> 


Parameters 
PARAMETER DESCRIPTION 
<shadowcopyID> Specifies the shadow copy ID to revert the volume to. If you 


don't use this parameter, the command displays help at the 
command prompt. 


Additional References 


e Command-Line Syntax Key 


rEXEC 
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Runs a specified command on a remote host. The remote host must be running a rexecd service (or daemon) for 
rexec to connect to. 





risetup 
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Creates an operating system image by pulling the files from the original Windows Server 2003 CD or from a 
customized distribution folder containing these files. 





rmdir 
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Deletes a directory. 


The rmdir command can also run from the Windows Recovery Console, using different parameters. For more 
information, see Windows Recovery Environment (WinRE). 





NOTE 


This command is the same as the rd command. 





Syntax 


rmdir [<drive>:]<path> [/s [/q]] 


Parameters 
PARAMETER DESCRIPTION 
[<drive>:]<path> Specifies the location and the name of the directory that you 
want to delete. Path is required. If you include a backslash () at 
the beginning of the specified path, then the path starts at 
the root directory (regardless of the current directory). 

/s Deletes a directory tree (the specified directory and all its 
subdirectories, including all files). 

/q Specifies quiet mode. Does not prompt for confirmation when 

deleting a directory tree. The /q parameter works only if /s is 
also specified. 
CAUTION: When you run in quiet mode, the entire 
directory tree is deleted without confirmation. Make sure 
that important files are moved or backed up before using 
the /q command-line option. 

n Displays help at the command prompt. 

Remarks 


e You can't delete a directory that contains files, including hidden or system files. If you attempt to do so, the 
following message appears: 


The directory is not empty 


Use the dir /a command to list all files (including hidden and system files). Then use the attrib command 
with -h to remove hidden file attributes, -s to remove system file attributes, or -h -s to remove both hidden 
and system file attributes. After the hidden and file attributes have been removed, you can delete the files. 


e You can't use the rmdir command to delete the current directory. If you attempt to delete the current 
directory, the following error message appears: 


The process can't access the file because it is being used by another process. 


If you receive this error message, you must change to a different directory (not a subdirectory of the current 


directory), and then try again. 


Examples 


To change to the parent directory so you can safely remove the desired directory, type: 
diner 

To remove a directory named fest (and all its subdirectories and files) from the current directory, type: 
rmdir /s test 

To run the previous example in quiet mode, type: 
rmdir /s /q test 


Additional References 


e Command-Line Syntax Key 


robocopy 
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Copies file data from one location to another. 
Syntax 
robocopy <source> <destination> [<file>[ ...]] [<options>] 


For example, to copy a file named yearly-reportmov from c:\reports to a file share \marketing\videos while 
enabling multi-threading for higher performance (with the /mt parameter) and the ability to restart the transfer in 
case it's interrupted (with the /z parameter), type: 


robocopy c:\reports '\\marketing\videos' yearly-report.mov /mt /z 


Parameters 
PARAMETER DESCRIPTION 

<source> Specifies the path to the source directory. 

<destination> Specifies the path to the destination directory. 

<file> Specifies the file or files to be copied. Wildcard characters (* or 
?) are supported. If you don't specify this parameter, *.* is 
used as the default value. 

<options> Specifies the options to use with the robocopy command, 


including copy, file, retry, logging, and job options. 
Copy options 


OPTION DESCRIPTION 


/s Copies subdirectories. This option automatically excludes 
empty directories. 


/e Copies subdirectories. This option automatically includes 
empty directories. 


/lev: <n> Copies only the top n levels of the source directory tree. 
/z Copies files in restartable mode. 

/b Copies files in Backup mode. 

/zb Uses restartable mode. If access is denied, this option uses 


Backup mode. 


OPTION 


/efsraw 


/copy: <copyflags> 


/dcopy: <copyflags> 


/sec 


/copyall 


/nocopy 


/secfix 


/timfix 


/purge 


/mir 


/mov 


/move 


DESCRIPTION 


Copies all encrypted files in EFS RAW mode. 


Specifies which file properties to copy. The valid values for this 
option are: 

e D- Data 

e A - Attributes 

e T - Time stamps 

S - NTFS access control list (ACL) 

e O - Owner information 


e U - Auditing information 
The default value for this option is DAT (data, attributes, and 


time stamps). 


Specifies what to copy in directories. The valid values for this 
option are: 

e D - Data 

e A - Attributes 

e T - Time stamps 


The default value for this option is DA (data and attributes). 


Copies files with security (equivalent to /copy:DATS). 


Copies all file information (equivalent to /copy:DATSOU). 


Copies no file information (useful with /purge). 


Fixes file security on all files, even skipped ones. 


Fixes file times on all files, even skipped ones. 


Deletes destination files and directories that no longer exist in 
the source. Using this option with the /e option and a 
destination directory, allows the destination directory security 
settings to not be overwritten. 


Mirrors a directory tree (equivalent to /e plus /purge). Using 
this option with the /e option and a destination directory, 
overwrites the destination directory security settings. 


Moves files, and deletes them from the source after they are 
copied. 


Moves files and directories, and deletes them from the source 
after they are copied. 


OPTION 


/a+:[RASHCNET] 


/a-:[RASHCNET] 


/create 
/fat 

/256 
/mon: <n> 
/mot: <m> 
/MT [:n] 


/rh:hhmm-hhmm 


/pf 


/ipg:n 


sl 


DESCRIPTION 


Adds the specified attributes to copied files. The valid values 
for this option are: 

e R - Read only 

e A - Archive 

e S - System 

e H- Hidden 

e C - Compressed 

e N - Not content indexed 

e E- Encrypted 

e T - Temporary 


Removes the specified attributes from copied files. The valid 
values for this option are: 

e R - Read only 

e A - Archive 

e S - System 

e H - Hidden 

e C - Compressed 

e N - Not content indexed 

e E- Encrypted 

e T - Temporary 


Creates a directory tree and zero-length files only. 


Creates destination files by using 8.3 character-length FAT file 
names only. 


Turns off support for paths longer than 256 characters. 


Monitors the source, and runs again when more than n 
changes are detected. 


Monitors the source, and runs again in m minutes, if changes 
are detected. 


Creates multi-threaded copies with n threads. n must be an 
integer between 1 and 128. The default value for n is 8. For 
better performance, redirect your output using /log option. 


The /mt parameter can't be used with the /ipg and 
/efsraw parameters. 


Specifies run times when new copies may be started. 


Checks run times on a per-file (not per-pass) basis. 


Specifies the inter-packet gap to free bandwidth on slow lines. 


Don't follow symbolic links and instead create a copy of the 
link. 





IMPORTANT 


When using the /secfix copy option, specify the type of security information you want to copy, using one of these additional 


copy options: 


e /copyall 
e /copy:o 
e /copy:s 
e /copy:u 


e /sec 





File selection options 


OPTION DESCRIPTION 
/a Copies only files for which the Archive attribute is set. 
/m Copies only files for which the Archive attribute is set, and 


resets the Archive attribute. 


/ia: [RASHCNETO] Includes only files for which any of the specified attributes are 
set. The valid values for this option are: 
e R- Read only 
e A - Archive 
e S - System 
e H - Hidden 
e C - Compressed 
e N - Not content indexed 
e E- Encrypted 
e T - Temporary 
O - Offline 


/Xa: [RASHCNETO] Excludes files for which any of the specified attributes are set. 
The valid values for this option are: 
e R- Read only 
e A - Archive 
e S- System 
e H- Hidden 
e C - Compressed 
e N - Not content indexed 
e E- Encrypted 
e T - Temporary 
O - Offline 


/xf <filename>[ ...] Excludes files that match the specified names or paths. 
Wildcard characters (* and ?) are supported. 


/xd <directory>[ ...] Excludes directories that match the specified names and paths. 
/xc Excludes changed files. 
/xn Excludes newer files. 


/xO Excludes older files. 


OPTION 


/XX 


/x\ 


/is 


/it 


/max: <n> 


/min: <n> 


/maxage: <n> 


/minage: <n> 


/maxlad: <n> 


/minlad: <n> 


IX 


/fft 


/dst 


/xjd 


jf 


Retry options 


OPTION 


fr: <n> 


/W: <n> 


/reg 


/tbd 


DESCRIPTION 


Excludes extra files and directories. 


Excludes "lonely" files and directories. 


Includes the same files. 


Includes modified files. 


Specifies the maximum file size (to exclude files bigger than n 
bytes). 


Specifies the minimum file size (to exclude files smaller than n 
bytes). 


Specifies the maximum file age (to exclude files older than n 
days or date). 


Specifies the minimum file age (exclude files newer than n days 
or date). 


Specifies the maximum last access date (excludes files unused 
since n). 


Specifies the minimum last access date (excludes files used 
since 7) If nis less than 1900, n specifies the number of days. 
Otherwise, 1 specifies a date in the format YYYYMMDD. 


Excludes junction points, which are normally included by 
default. 


Assumes FAT file times (two-second precision). 


Compensates for one-hour DST time differences. 


Excludes junction points for directories. 


Excludes junction points for files. 


DESCRIPTION 


Specifies the number of retries on failed copies. The default 
value of nis 1,000,000 (one million retries). 


Specifies the wait time between retries, in seconds. The default 
value of nis 30 (wait time 30 seconds). 


Saves the values specified in the /r and /w options as default 
settings in the registry. 


Specifies that the system will wait for share names to be 
defined (retry error 67). 


Logging options 


OPTION 


Å 


/X 


IV 


/ts 


/fp 


/bytes 


/ns 


/nc 


/nfl 


/ndl 


/np 


/eta 


/log: <logfile> 


/log+: <logfile> 


/unicode 


/unilog: <logfile> 


/unilog+: <logfile> 


/tee 


/njh 


/njs 


Job options 


DESCRIPTION 


Specifies that files are to be listed only (and not copied, 
deleted, or time stamped). 


Reports all extra files, not just those that are selected. 


Produces verbose output, and shows all skipped files. 


Includes source file time stamps in the output. 


Includes the full path names of the files in the output. 


Prints sizes, as bytes. 


Specifies that file sizes are not to be logged. 


Specifies that file classes are not to be logged. 


Specifies that file names are not to be logged. 


Specifies that directory names are not to be logged. 


Specifies that the progress of the copying operation (the 
number of files or directories copied so far) will not be 
displayed. 


Shows the estimated time of arrival (ETA) of the copied files. 


Writes the status output to the log file (overwrites the existing 
log file). 


Writes the status output to the log file (appends the output to 
the existing log file). 


Displays the status output as Unicode text. 


Writes the status output to the log file as Unicode text 
(overwrites the existing log file). 


Writes the status output to the log file as Unicode text 
(appends the output to the existing log file). 


Writes the status output to the console window, as well as to 
the log file. 


Specifies that there is no job header. 


Specifies that there is no job summary. 


OPTION 


/job: <jobname> 


/save: <jobname> 


/quit 


/nosd 


/nodd 


/if 


Exit (return) codes 


VALUE 


NOTE 


DESCRIPTION 


Specifies that parameters are to be derived from the named 
job file. 


Specifies that parameters are to be saved to the named job 
file. 


Quits after processing command line (to view parameters). 


Indicates that no source directory is specified. 


Indicates that no destination directory is specified. 


Includes the specified files. 


DESCRIPTION 


No files were copied. No failure was encountered. No files were 
mismatched. The files already exist in the destination directory; 
therefore, the copy operation was skipped. 


All files were copied successfully. 


There are some additional files in the destination directory 
that are not present in the source directory. No files were 
copied. 


Some files were copied. Additional files were present. No 
failure was encountered. 


Some files were copied. Some files were mismatched. No 
failure was encountered. 


Additional files and mismatched files exist. No files were copied 
and no failures were encountered. This means that the files 
already exist in the destination directory. 


Files were copied, a file mismatch was present, and additional 
files were present. 


Several files did not copy. 


Any value greater than 8 indicates that there was at least one failure during the copy operation. 


Additional References 


e Command-Line Syntax Key 





route 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Displays and modifies the entries in the local IP routing table. If used without parameters, route displays help at 
the command prompt. 





IMPORTANT 


This command is available only if the Internet Protocol (TCP/IP) protocol is installed as a component in the properties of a 
network adapter in Network Connections. 





Syntax 


route [/f] [/p] [<command> [<destination>] [mask <netmask>] [<gateway>] [metric <metric>]] [if <interface>]] 


Parameters 


PARAMETER DESCRIPTION 


jf Clears the routing table of all entries that are not host routes 
(routes with a netmask of 255.255.255.255), the loopback 
network route (routes with a destination of 127.0.0.0 anda 
netmask of 255.0.0.0), or a multicast route (routes with a 
destination of 224.0.0.0 and a netmask of 240.0.0.0). If this is 
used in conjunction with one of the commands (such as add, 
change, or delete), the table is cleared prior to running the 
command. 


/p When used with the add command, the specified route is 
added to the registry and is used to initialize the IP routing 
table whenever the TCP/IP protocol is started. By default, 
added routes are not preserved when the TCP/IP protocol is 
started. When used with the print command, the list of 
persistent routes is displayed. This parameter is ignored for all 
other commands. Persistent routes are stored in the registry 
location 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\S 
ervices\Tcpip\Parameters\PersistentRoutes. 


<command> Specifies the command you want to run. The valid commands 
include: 
e add - Adds a route. 
e change - Modifies an existing route. 
e delete: - Deletes a route or routes. 
@ print - Prints a route or routes. 


PARAMETER 


<destination> 


mask <netmask> 


<gateway> 


metric <metric> 


if <interface> 


P? 


Remarks 


DESCRIPTION 


Specifies the network destination of the route. The destination 
can be an IP network address (where the host bits of the 
network address are set to 0), an IP address for a host route, 
or 0.0.0.0 for the default route. 


Specifies the network destination of the route. The destination 
can be an IP network address (where the host bits of the 
network address are set to 0), an IP address for a host route, 
or 0.0.0.0 for the default route. 


Specifies the forwarding or next hop IP address over which the 
set of addresses defined by the network destination and 
subnet mask are reachable. For locally attached subnet routes, 
the gateway address is the IP address assigned to the 
interface that is attached to the subnet. For remote routes, 
available across one or more routers, the gateway address is a 
directly reachable IP address that is assigned to a neighboring 
router. 


Specifies an integer cost metric (ranging from 1 to 9999) for 
the route, which is used when choosing among multiple 
routes in the routing table that most closely match the 
destination address of a packet being forwarded. The route 
with the lowest metric is chosen. The metric can reflect the 
number of hops, the speed of the path, path reliability, path 
throughput, or administrative properties. 


Specifies the interface index for the interface over which the 
destination is reachable. For a list of interfaces and their 
corresponding interface indexes, use the display of the route 
print command. You can use either decimal or hexadecimal 
values for the interface index. For hexadecimal values, precede 
the hexadecimal number with Ox. When the if parameter is 
omitted, the interface is determined from the gateway 
address. 


Displays help at the command prompt. 


e Large values in the metric column of the routing table are the result of allowing TCP/IP to automatically 


determine the metric for routes in the routing table based on the configuration of IP address, subnet mask, 


and default gateway for each LAN interface. Automatic determination of the interface metric, enabled by 


default, determines the speed of each interface and adjusts the metrics of routes for each interface so that 


the fastest interface creates the routes with the lowest metric. To remove the large metrics, disable the 


automatic determination of the interface metric from the advanced properties of the TCP/IP protocol for 


each LAN connection. 


e Names can be used for destination if an appropriate entry exists in the local Networks file stored in the 


systemroot\System32\Drivers\\ folder. Names can be used for the gateway as long as they can be resolved 


to an IP address through standard host name resolution techniques such as Domain Name System (DNS) 


queries, use of the local Hosts file stored in the systemroot\system32\drivers\\ folder, and NetBIOS name 


resolution. 


e if the command is print or delete, the gateway parameter can be omitted and wildcards can be used for the 


destination and gateway. The destination value can be a wildcard value specified by an asterisk (*) . If the 


destination specified contains an asterisk (*) ora question mark (?), it's treated as a wildcard and only 


matching destination routes are printed or deleted. The asterisk matches any string, and the question mark 
matches any single character. For example, 10.\*.1, 192.168.\* , 127.\* ,and \*224\* are all valid uses of 


the asterisk wildcard. 


e Using an unsupported combination of a destination and subnet mask (netmask) value displays a "Route: bad 
gateway address netmask" error message. This error message appears when the destination contains one or 
more bits set to 1 in bit locations where the corresponding subnet mask bit is set to 0. To test this condition, 
express the destination and subnet mask using binary notation. The subnet mask in binary notation consists 
of a series of 1 bits, representing the network address portion of the destination, and a series of 0 bits, 
representing the host address portion of the destination. Check to determine whether there are bits in the 
destination that are set to 1 for the portion of the destination that is the host address (as defined by the 
subnet mask). 


Examples 


To display the entire contents of the IP routing table, type: 
route print 

To display the routes in the IP routing table that begin with 10, type: 
route print 10.* 

To add a default route with the default gateway address of 192.168.12.1, type: 
route add 0.0.0.0 mask 0.0.0.0 192.168.12.1 


To add a route to the destination 10.41.0.0 with the subnet mask of 255.255.0.0 and the next hop address of 
10.27.0.1, type: 


route add 10.41.0.0 mask 255.255.0.0 10.27.0.1 


To add a persistent route to the destination 10.41.0.0 with the subnet mask of 255.255.0.0 and the next hop address 
of 10.27.0.1, type: 


route /p add 10.41.0.@ mask 255.255.0.0 10.27.0.1 


To add a route to the destination 10.41.0.0 with the subnet mask of 255.255.0.0, the next hop address of 10.27.0.1, 
and the cost metric of 7, type: 


route add 10.41.0.0 mask 255.255.0.0 10.27.0.1 metric 7 


To add a route to the destination 10.41.0.0 with the subnet mask of 255.255.0.0, the next hop address of 10.27.0.1, 
and using the interface index 0x3, type: 


route add 10.41.0.0 mask 255.255.0.0 10.27.0.1 if Øx3 


To delete the route to the destination 10.41.0.0 with the subnet mask of 255.255.0.0, type: 


route delete 10.41.0.0 mask 255.255.0.0 
To delete all routes in the IP routing table that begin with 10, type: 
route delete 10.* 


To change the next hop address of the route with the destination of 10.41.0.0 and the subnet mask of 255.255.0.0 
from 10.27.0.1 to 10.27.0.25, type: 


route change 10.41.0.0 mask 255.255.0.0 10.27.0.25 


Additional References 


e Command-Line Syntax Key 


rpcinfo 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Lists programs on remote computers. The rpcinfo command-line utility makes a remote procedure call (RPC) to 
an RPC server and reports what it finds. 


Syntax 


rpcinfo [/p [<node>]] [/b <program version>] [/t <node program> [<version>]] [/u <node program> [<version>]] 


Parameters 

PARAMETER DESCRIPTION 

/p [<node>] lists all programs registered with the port mapper on the 
specified host. If you do not specify a node (computer) name, 
the program queries the port mapper on the local host. 

/b <program version> Requests a response from all network nodes that have the 
specified program and version registered with the port 
mapper. You must specify both a program name or number 
and a version number. 

/t <node program> [\<version>] Uses the TCP transport protocol to call the specified program. 
You must specify both a node (computer) name and a 
program name. If you do not specify a version, the program 
calls all versions. 

/U <node program> [\<version>] Uses the UDP transport protocol to call the specified 
program. You must specify both a node (computer) name and 
a program name. If you do not specify a version, the program 
calls all versions. 

£ Displays help at the command prompt. 

Examples 


To list all programs registered with the port mapper, type: 


rpcinfo /p [<node>] 


To request a response from network nodes that have a specified program, type: 


rpcinfo /b <program version> 


To use Transmission Control Protocol (TCP) to call a program, type: 


rpcinfo /t <node program> [<version>] 


Use User Datagram Protocol (UDP) to call a program: 


rpcinfo /u <node program> [<version>] 


Additional References 


e Command-Line Syntax Key 


rocping 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Confirms the RPC connectivity between the computer running Microsoft Exchange Server and any of the 
supported Microsoft Exchange Client workstations on the network. This utility can be used to check if the Microsoft 
Exchange Server services are responding to RPC requests from the client workstations via the network. 


Syntax 


rpcping [/t <protseq>] [/s <server_addr>] [/e <endpoint> 
|/# <interface UUID>[,majorver]] [/O <interface object UUID] 
[/i <#_iterations>] [/u <security package id>] [/a <authn_level>] 
[/N <server_princ_name>] [/I <auth_identity>] [/C <capabilities>] 
[/T <identity_tracking>] [/M <impersonation_type>] 
[/S <server_sid>] [/P <proxy_auth_identity>] [/F <RPCHTTP_flags>] 
[/H <RPC/HTTP_authn_schemes>] [/o <binding options>] 
[/B <server certificate subject>] [/b] [/E] [/q] [/c] 
[/A <http proxy auth identity>] [/U «HTTP proxy authn schemes>] 
[/r <report results interval>] [/v <verbose level>] [/d] 


Parameters 

PARAMETER DESCRIPTION 

/t <protseq> Specifies the protocol sequence to use. Can be one of the 
standard RPC protocol sequences: ncacn_ip_tcp, ncacn_np, or 
ncacn_http. 
If not specified, default is ncacn_ip_tcp. 

/S <server_addr> Specifies the server address. If not specified, the local machine 
will be pinged. 

/e <endpoint> Specifies the endpoint to ping. If none is specified, the 


endpoint mapper on the target machine will be pinged. 


This option is mutually exclusive with the interface (/f) 
option. 


/0 <binding options> Specifies the binding options for the RPC ping. 


PARAMETER 


/f «interface UUID>[,Majorver] 


/O <object UUID> 


/i <#_iterations> 


/U <security package id> 


/a <authn level> 


/N «server princ name> 


DESCRIPTION 


Specifies the interface to ping. This option is mutually exclusive 
with the endpoint option. The interface is specified as a UUID. 


if the majorver is not specified, version 1 of the interface 
will be sought. 


When interface is specified, rpcping will query the 
endpoint mapper on the target machine to retrieve the 
endpoint for the specified interface. The endpoint mapper 
will be queried using the options specified in the 
command line. 


Specifies the object UUID if the interface registered one. 


Specifies the number of calls to make. The default is 1. This 
option is useful for measuring connection latency if multiple 
iterations are specified. 


Specifies the security package (security provider) RPC will use 
to make the call. The security package is identified as a 
number or a name. If a number is used it is the same number 
as in the RpcBindingSetAuthInfoEx API. If you specify this 
option, you must specify an authentication level other than 
none. There's no default for this option. If it isn't specified, RPC 
won't use security for the ping. The list below shows the 
names and numbers. Names are not case sensitive: 

& Negotiate / 9 or one of nego, snego or negotiate 

e NTLM / 10 or NTLM 

@ SChannel / 14 or SChannel 

& Kerberos / 16 or Kerberos 

© Kernel / 20 or Kernel 


Specifies the authentication level to use. If this option is 
specified, the security package ID (/u) must also be specified. If 
this option isn't specified, RPC won't use security for the ping. 
There's no default for this option. Possible values are: 

e connect 

e call 

e pkt 

e integrity 

e privacy 


Specifies a server principal name. 


This field can be used only when authentication level and 
security package are selected. 


PARAMETER 


/I <auth identity» 


/C <capabilities> 


/T <identity_tracking> 


/M <impersonation type> 


/S <server_sid> 


/P <proxy auth identity> 


/F <RPCHTTP_flags> 


/H <«RPC/HTTP authn schemes> 


DESCRIPTION 


Allows you to specify alternative identity to connect to the 
server. The identity is in the form user, domain,password. If the 
user name, domain, or password have special characters that 
can be interpreted by the shell, enclose the identity in double 
quotes. You can specify \* instead of the password and RPC 
will prompt you to enter the password without echoing it on 
the screen. If this field is not specified, the identity of the 
logged on user will be used. 


This field can be used only when authentication level and 
security package are selected. 


Specifies a hexadecimal bitmask of flags. This field can be used 
only when authentication level and security package are 
selected. 


Specifies static or dynamic. If not specified, dynamic is the 
default. 

This field can be used only when authentication level and 
security package are selected. 


Specifies anonymous, identify, impersonate or delegate. 
Default is impersonate. 

This field can be used only when authentication level and 
security package are selected. 


Specifies the expected SID of the server. 


This field can be used only when authentication level and 
security package are selected. 


Specifies the identity to authenticate with to the RPC/HTTP 
proxy. Has the same format as for the /I option. You must 

specify security package (/u), authentication level (/a), and 

authentication schemes (/H) in order to use this option. 


Specifies the flags to pass for RPC/HTTP front end 
authentication. The flags may be specified as numbers or 
names The currently recognized flags are: 

e Use SSL /1 or ssl or use_ssl 

e Use first auth scheme / 2 or first or use_first 


You must specify security package (/u) and authentication 
level (/a) to use this option. 


Specifies the authentication schemes to use for RPC/HTTP 
front end authentication. This option is a list of numerical 
values or names separated by comma. Example: Basic, NTLM. 
Recognized values are (names are not case sensitive): 

e Basic / 1 or Basic 

e NTLM /2 or NTLM 

e Certificate / 65536 or Cert 


You must specify security package (/u) and authentication 
level (/a) in order to use this option. 


PARAMETER 


/B «server certificate subject> 


/b 


/R 


/E 


/q 


/c 


/A 


/U 


fr 


DESCRIPTION 


Specifies the server certificate subject. You must use SSL for 
this option to work. 


You must specify security package (/u) and authentication 
level (/a) in order to use this option. 


Retrieves the server certificate subject from the certificate sent 
by the server and prints it to a screen or a log file. Valid only 
when the Proxy echo only option (/E) and the use SSL options 
are specified. 


You must specify security package (/u) and authentication 
level (/a) in order to use this option. 


Specifies the HTTP proxy. If none, the RPC proxy is used. The 
value defau/t means to use the IE settings in your client 
machine. Any other value will be treated as the explicit HTTP 
proxy. If you do not specify this flag, the default value is 
assumed, that is, the IE settings are checked. This flag is valid 
only when the /E (echo Only) flag is enabled. 


Restricts the ping to the RPC/HTTP proxy only. The ping does 
not reach the server. Useful when trying to establish whether 
the RPC/HTTP proxy is reachable. To specify an HTTP proxy, 
use the /R flag. If an HTTP proxy is specified in the /o flag, this 
option will be ignored. 


You must specify security package (/u) and authentication 
level (/a) in order to use this option. 


Specifies quiet mode. Does not issue any prompts except for 
passwords. Assumes Y response to all queries. Use this option 
with care. 


Use smart card certificate. rpcping will prompt user to choose 
smart card. 


Specifies the identity with which to authenticate to the HTTP 
proxy. Has the same format as for the /I option. 


You must specify authentication schemes (/U), security 
package (/u) and authentication level (/a) in order to use 
this option. 


Specifies the authentication schemes to use for HTTP proxy 
authentication. This option is a list of numerical values or 
names separated by comma. Example: Basic NTLM. Recognized 
values are (names are not case sensitive): 

e Basic / 1 or Basic 

e NTLM /2 or NTLM 


You must specify security package (/u) and authentication 
level (/a) in order to use this option. 


If multiple iterations are specified, this option will make 
rpcping display current execution statistics periodically 
instead after the last call. The report interval is given in 
seconds. Default is 15. 


PARAMETER DESCRIPTION 


N Tells rpcping how verbose to make the output. Default value 
is 1. 2 and 3 provide more output from rpcping. 


/d Launches RPC network diagnostic Ul. 

/p Specifies to prompt for credentials if authentication fails. 

/ Displays help at the command prompt. 
Examples 


To find out if the Exchange server you connect through RPC/HTTP is accessible, type: 


rpcping /t ncacn http /s exchange server /0 RpcProxy=front end proxy /P username,domain,* /H Basic /u NTLM /a 
connect /F 3 


Additional References 


e Command-Line Syntax Key 


rsh 
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Runs commands on remote computers running the RSH service or daemon. 





After installing the subsystem for UNIX-based Applications, you can then open a C Shell or Korn Shell command 
window and runrsh. For more information, type man rsh at the C Shell or Korn Shell prompt. 


rundll32 
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Loads and runs 32-bit dynamic-link libraries (DLLs). There are no configurable settings for Rundll32. Help 
information is provided for a specific DLL you run with the rundll32 command. 


You must run the rundll32 command from an elevated command prompt. To open an elevated command prompt, 
click Start, right-click Command Prompt, and then click Run as administrator. 


Syntax 


rund1132 <DLLname> 


Parameters 

PARAMETER DESCRIPTION 

Rundll32 printui.dll,PrintUlEntry Displays the printer user interface. 
Remarks 


Rundll32 can only call functions from a DLL explicitly written to be called by Rundll32. 


Additional References 


e Command-Line Syntax Key 


rundll32 printui.dll, PrintUlEntry 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Automates many printer configuration tasks. printui.dll is the executable file that contains the functions used by 
the printer configuration dialog boxes. These functions can also be called from within a script or a command-line 
batch file, or they can be run interactively from the command prompt. 


Syntax 


rund1132 printui.dll PrintUIEntry [baseparameter] [modificationparameter1] [modificationparameter2] 
[modificationparameterN] 


You can also use the following alternate syntaxes, although the examples in this topic use the previous syntax: 


rund1132 printui.dll,PrintUIEntry [baseparameter] [modificationparameter1] [modificationparameter2] 
[ModificationParameterN] 


rund1132 printui PrintUIEntry [baseparameter] [modificationparameter1] [modificationparameter2] 
[modificationparameterN] 


rund1132 printui,PrintUIEntry [baseparameter] [modificationparameter1] [modificationparameter2] 
[modificationparameterN ] 


Parameters 


There are two types of parameters: base parameters and modification parameters. Base parameters specify the 
function that the command is to perform. Only one of these parameters can appear in a given command line. 
Then, you can modify the base parameter by using one or more of the modification parameters if they are 
applicable to the base parameter (not all modification parameters are supported by all base parameters). 


BASE PARAMETERS DESCRIPTION 

/dl Deletes the local printer. 

/dn Deletes a network printer connection. 

/dd Deletes a printer driver. 

/e Displays the printing preferences for a given printer. 

/ga adds a per computer printer connection (the connection is 


available to any user on that computer when they log on). 


/ge Displays per computer printer connections on a computer. 


BASE PARAMETERS 


/gd 


/ia 


/id 


/if 


/ii 


jil 


/in 


/ip 


/k 


/o 


/p 


/s 


/Ss 


DESCRIPTION 


Deletes a per computer printer connection (the connection is 
deleted the next time a user logs on). 


Installs a printer driver by using an .inf file. 


Installs a printer driver by using the add printer Driver Wizard. 


Installs a printer by using an .inf file. 


Installs a printer by using the add printer wizard with an .inf 
file. 


Installs a printer by using the add printer wizard. 


Connects to a remote network printer. 


Installs a printer by using the Network printer Installation 
Wizard (available from the user interface from print 
Management). 


prints a test page on a printer. 


Displays the queue for a printer. 


Displays the properties of a printer. When you use this 
parameter, you must also specify a value for the modification 
parameter /n[name]. 


Displays the properties of a print server. If you want to view 
the local print server, you do not need to use a modification 
parameter. However, if you want to view a remote print server, 
you must specify the /c[name] modification parameter. 


Specifies what type of information for a printer will be stored. 

If none of the values for /Ss are specified, the default behavior 

is as if all of them were specified. Use this base parameter with 

the following values placed at the end of the command line: 

@ 2: Stores the information contained in the printer s 
printER_INFO_2 structure. This structure contains the 
basic information about the printer such as its name, 
server name, port name, and share name. 

e 7: Used to store the directory service information 
contained in the printER INFO 7 structure. 

e c: Stores the color profile information for a printer. 

e d: Stores printer specific data such as the printer s 
hardware ID. 

e s: Stores the printer s security descriptor. 

e g: Stores the information in the printer s global 
DEVmode structure. 

e m: Stores the minimal settings for the printer. This is 
equivalent to specifying 2 d, and g. 

e u: Stores the information in the printer s per user 
DEVmode structure. 


BASE PARAMETERS 


/Sr 


/Xg 


/y 


P? 


DESCRIPTION 


Specifies what information about a printer is restored and 
how conflicts in settings are handled. Use with the following 
values placed at the end of the command line: 

e 2: Restores the information contained in the printer s 
printER_INFO_2 structure. This structure contains the 
basic information about the printer such as its name, 
server name, port name, and share name. 

e 7: Restores the directory service information contained 
in the printER_INFO_7 structure. 

e c: Restores the color profile information for a printer. 

e d: Restores printer specific data, such as the printer s 
hardware ID. 

e s: Restores the printer s security descriptor. 

e g: Restores the information in the printer s global 
DEVmode structure. 

e m: Restores the minimal settings for the printer. This is 
equivalent to specifying 2, d, and g. 

e u Restores the information in the printe s per user 
DEVmode structure. 

e r: Ifthe printer name stored in the file is different from 
the name of the printer being restored to, then use 
the current printer name. This cannot be specified with 
f. If neither r nor f is specified and the names do not 
match, restoration of the settings fails. 

e f: Ifthe printer name stored in the file is different from 
the name of the printer being restored to, then use 
the printer name in the file. This cannot be specified 
with r. If neither f nor r is specified and the names do 
not match, restoration of the settings fails. 

e p: Ifthe port name in the file being restored from 
does not match the current port name of the printer 
being restored to, the printer s current port name is 
used. 

e h: Ifthe printer being restored to could not be shared 
using the resource share name in the saved settings 
file, then attempt to share the printer with either the 
current share name or a new generated share name if 
neither H nor h is specified and the printer being 
restored to cannot be shared with the saved share 
name, then restoration fails. 

e h: Ifthe printer being restored to cannot be shared 
with the saved share name, then do not share the 
printer. If neither H nor h is specified and the printer 
being restored to cannot be shared with the saved 
share name, then restoration fails. 

e j: If the driver in the saved settings file does not match 
the driver for the printer being restored to, then the 
restoration fails. 


Retrieves the settings for a printer. 


Sets the settings for a printer. 


Sets the printer being installed as the default printer. 


Displays the in-product help for the command and its 
associated parameters. 


BASE PARAMETERS 


@ffile] 


MODIFICATION PARAMETERS 


/a{file] 


/b[name] 


/c[name] 


file] 


/Fffile] 


/h[architecture] 


/j[provider] 


/\[path] 


/m[model] 


/n[name] 


/q 


/r[port] 


/u 


AF 


/N [version] 


/w 


DESCRIPTION 


Specifies a command-line argument file and directly inserts 
the text in that file into the command line. 


DESCRIPTION 


Specifies the binary file name. 


Specifies the base printer name. 


Specifies the computer name if the action to be performed is 
on a remote computer. 


Species the Universal Naming Convention (UNC) path and 
name of the .inf file name or the output file name, depending 
on the task that you are performing. Use /F[file] to specify a 
dependent inf file. 


Specifies the UNC path and name of a .inf file that the inf file 
specified with /f[file] depends on. 


Specifies the driver architecture. Use one of the following: 
x86, x64, or Itanium. 


Specifies the print provider name. 


Specifies the UNC path where the printer driver files that you 
are using are located. 


Specifies the driver model name. (This value can be specified in 
the .inf file.) 


Specifies the printer name. 


Runs the command with no notifications to the user. 


Specifies the port name. 


Specifies to use the existing printer driver if it is already 
installed. 


Specifies the zero-based index page to start on. 


Specifies the driver version. If you do not also specify a value 
for /K, you must specify one of the following values: type 2 - 
Kernel mode or type 3 - User mode. 


prompts the user for a driver if the driver is not found in the 
inf file that is specified by /f. 


Specifies that printer names should not be automatically 
generated. 


MODIFICATION PARAMETERS DESCRIPTION 


/z Specifies to not automatically share the printer being installed. 


/K changes the meaning of the parameter /h[architecture] to 
accept 2 in place of x86, 3 in place of x64, or 4 in place of 
Itanium. It also changes the value of the parameter 
/v[version] to accept 2 in the place of type 2 - Kernel 
mode and 3 in place of type 3 - User mode. 


/Z Shares the printer that is being installed. Only use with the /if 
parameter. 
/Mw[message] Displays a warning message to the user before committing 


the changes specified in the command line. 


/Mq[message] Displays a confirmation message to the user before 
committing the changes specified in the command line. 


/Mfflags] Specifies any parameters or options for the add printer wizard, 
the add printer Driver Wizard, and the Network printer 
Installation Wizard. 


r: Enables the wizards to be restarted from the last page. 


/G[flags] Specifies global parameters and options that you want to use. 


w: Suppresses setup driver warnings to the user. 


Remarks 
e The PrintUlEntry keyword is case sensitive, and you must enter the syntax for this command with the 
exact capitalization shown in the examples in this topic. 


e For more examples, ata command prompt type: rundll32 printui.dll,PrintUlEntry /? 


Examples 


To add a new remote printer, printer1, for a computer, Client1, which is visible for the user account where this 


command is run, type: 
rund1132 printui.dll PrintUIEntry /in /n\\client1\printer1 

To add a printer using the add printer wizard and using an .inf file, InfFile.inf, located on drive c: at Infpath, type: 
rund1132 printui.d1ll PrintUIEntry /ii /f c:\Infpath\InfFile. inf 

To delete an existing printer, printer1, on a computer, Client, type: 
rund1132 printui.dll PrintUIEntry /dn /n\\client1\printer1 


To add a per computer printer connection, printer2, for all users of a computer, Client2, type (the connection will be 
applied when a user logs on): 


rundl132 printui.dll PrintUIEntry /ga /n\\client2\printer2 


To delete a per computer printer connection, printer2, for all users of a computer, Client2, type (the connection will 
be deleted when a user logs on): 


rund1132 printui.d1ll PrintUIEntry /gd /n\\client2\printer2 
To view the properties of the print server, printServer1, type: 

rund1132 printui.dll PrintUIEntry /s /t1 /c\\printserver1 
To view the properties of a printer, printer3, type: 


rundl132 printui.dll PrintUIEntry /p /n\\printer3 


Additional References 


e rundll32 


e print Command Reference 


rwinsta 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Resets (deletes) a session on a Remote Desktop Session Host server. 





NOTE 


This command is the same as the reset session command. 








NOTE 


To find out what's new in the latest version, see What's New in Remote Desktop Services in Windows Server. 





Additional References 
e reset session 
e Command-Line Syntax Key 


e Remote Desktop Services (Terminal Services) Command Reference 


ye å 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Displays or sets the storage area network (san) policy for the operating system. If used without parameters, the 
current san policy is displayed. 


Syntax 





san [policy={onlineAll | offlineAll | offlineShared}] [noerr] 





Parameters 


PARAMETER DESCRIPTION 


PARAMETER 


policy={onlineAll 


DESCRIPTION 


offlineAll 


offlineShared}] 


Sets the san policy for the 
currently booted operating 
system. The san policy 
determines whether a newly 
discovered disk is brought 
online or remains offline, and 
whether it becomes 
read/write or remains read- 
only. When a disk is offline, 
the disk layout can be read, 
but no volume devices are 
surfaced through Plug and 
Play. This means that no file 
system can be mounted on 
the disk. When a disk is 
online, one or more volume 
devices are installed for the 
disk. The following is an 
explanation of each 
parameter: 

© onlineAll. Specifies 
that all newly 
discovered disks will 
be brought online 
and made read/write. 
IMPORTANT: 
Specifying onlineAll 
on a server that 
shares disks could 
lead to data 
corruption. Therefore, 
you should not set 
this policy if disks are 
shared among 
servers unless the 
server is part of a 
cluster. 

@ offlineAll. Specifies 
that all newly 
discovered disks 
except the startup 
disk will be offline 
and read-only by 
default. 

© offlineShared. 
Specifies that all 
newly discovered 
disks that do not 
reside on a shared 
bus (such as SCSI 
and iSCSI) are 
brought online and 
made read-write. 

Disks that are left 
offline will be read- 
only by default. 


For more information, see 
VDS_san_POLICY 
Enumeration. 


PARAMETER DESCRIPTION 


noerr Used for scripting only. 
When an error is 
encountered, DiskPart 
continues to process 
commands as if the error did 
not occur. Without this 
parameter, an error causes 
DiskPart to exit with an error 
code. 


Examples 
To view the current policy, type: 
san 


To make all newly discovered disks, except the startup disk, offline and read-only by default, type: 


san policy=offlineAll 


Additional References 


e Command-Line Syntax Key 


sc.exe config 
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Modifies the value of a service's entries in the registry and in the Service Control Manager database. 


Syntax 


sc.exe [<servername>] config [<servicename>] [type= {own | share | kernel | filesys | rec | adapt | interact 
type= {own | share}}] [start= {boot | system | auto | demand | disabled | delayed-auto}] [error= {normal | 
severe | critical | ignore}] [binpath= <binarypathname>] [group= <loadordergroup>] [tag= {yes | no}] [depend= 
<dependencies>] [obj= {<accountname> | <objectname>}] [displayname= <displayname>] [password= <password>] 


Parameters 
PARAMETER DESCRIPTION 

<servername> Specifies the name of the remote server on which the service 
is located. The name must use the Universal Naming 
Convention (UNC) format (for example, \myserver). To run 
SC.exe locally, don't use this parameter. 

<servicename> Specifies the service name returned by the getkeyname 
operation. 

type= {own | share | kernel | filesys | rec | adapt Specifies the service type. The options include: 


Se een ee ene © own - Specifies a service that runs in its own process. 


It doesn't share an executable file with other services. 
This is the default value. 

e share - Specifies a service that runs as a shared 
process. It shares an executable file with other services. 

e kernel - Specifies a driver. 

e filesys - Specifies a file system driver. 

e rec - Specifies a file system-recognized driver that 
identifies file systems used on the computer. 

¢ adapt - Specifies an adapter driver that identifies 
hardware devices such as keyboards, mice, and disk 
drives. 

e interact - Specifies a service that can interact with the 
desktop, receiving input from users. Interactive 
services must be run under the LocalSystem account. 
This type must be used in conjunction with type= 
own or type= shared (for example, type= interact 
type= own). Using type= interact by itself will 
generate an error. 


PARAMETER 


start= (boot | system | auto | demand | disabled | 
delayed-auto) 


error= (normal | severe | critical | ignore) 


binpath= <binarypathname> 


group= <loadordergroup> 


tag= {yes | no} 


depend= <dependencies> 


DESCRIPTION 


Specifies the start type for the service. The options include: 

© boot - Specifies a device driver that is loaded by the 
boot loader. 

e system - Specifies a device driver that is started 
during kernel initialization. 

e auto - Specifies a service that automatically starts 
each time the computer is restarted and runs even if 
no one logs on to the computer. 

e demand - Specifies a service that must be started 
manually. This is the default value if start= is not 
specified. 

e disabled - Specifies a service that cannot be started. 
To start a disabled service, change the start type to 
some other value. 

e delayed-auto - Specifies a service that starts 
automatically a short time after other auto services are 
started. 


Specifies the severity of the error if the service fails to start 

when the computer is started. The options include: 

© normal - Specifies that the error is logged and a 
message box is displayed, informing the user that a 
service has failed to start. Startup will continue. This is 
the default setting. 

e severe - Specifies that the error is logged (if possible). 
The computer attempts to restart with the last-known 
good configuration. This could result in the computer 
being able to restart, but the service may still be 
unable to run. 

© critical - Specifies that the error is logged (if possible). 
The computer attempts to restart with the last-known 
good configuration. If the last-known good 
configuration fails, startup also fails, and the boot 
process halts with a Stop error. 

e ignore - Specifies that the error is logged and startup 
continues. No notification is given to the user beyond 
recording the error in the Event Log. 


Specifies a path to the service binary file. There is no default 
for binpath=, and this string must be supplied. 


Specifies the name of the group of which this service is a 
member. The list of groups is stored in the registry, in the 
HKLM\System\CurrentControlSet\Control\ServiceGrou 
pOrder subkey. The default value is null. 


Specifies whether or not to obtain a TagID from the 
CreateService call. Tags are used only for boot-start and 
system-start drivers. 


Specifies the names of services or groups that must start 
before this service. The names are separated by forward 
slashes (/). 


PARAMETER 


obj= (<accountname> | <objectname>) 


displayname= <displayname> 


password= <password> 


P? 


Remarks 


DESCRIPTION 


Specifies a name of an account in which a service will run, or 
specifies a name of the Windows driver object in which the 
driver will run. The default setting is LocalSystem. 


Specifies a descriptive name for identifying the service in user 
interface programs. For example, the subkey name of one 
particular service is wuauserv, which has a more friendly 
display name of Automatic Updates. 


Specifies a password. This is required if an account other than 
the LocalSystem account is used. 


Displays help at the command prompt. 


e Each command-line option (parameter) must include the equal sign as part of the option name. 


e A space is required between an option and its value (for example, type= own. If the space is omitted, the 


operation fails. 


Examples 


To specify a binary path for the NewService service, type: 


sc.exe config NewService binpath= ntsd -d c:\windows\system32\NewServ.exe 


Additional References 


e Command-Line Syntax Key 


sc.exe create 
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Creates a subkey and entries for a service in the registry and in the Service Control Manager database. 


Syntax 


sc.exe [<servername>] create [<servicename>] [type= {own | share | kernel | filesys | rec | interact type= 
{own | share}}] [start= {boot | system | auto | demand | disabled | delayed-auto}] [error= {normal | severe | 
critical | ignore}] [binpath= <binarypathname>] [group= <loadordergroup>] [tag= {yes | no}] [depend= 
<dependencies>] [obj= {<accountname> | <objectname>}] [displayname= <displayname>] [password= <password>] 


Parameters 
PARAMETER DESCRIPTION 
<servername> Specifies the name of the remote server on which the service 
is located. The name must use the Universal Naming 
Convention (UNC) format (for example, \myserver). To run 
SC.exe locally, don't use this parameter. 
<servicename> Specifies the service name returned by the getkeyname 
operation. 
type= {own | share | kernel | filesys | rec Specifies the service type. The options include: 


Pee be oe ged © own - Specifies a service that runs in its own process. 


It doesn't share an executable file with other services. 
This is the default value. 

e share - Specifies a service that runs as a shared 
process. It shares an executable file with other services. 

e kernel - Specifies a driver. 

e filesys - Specifies a file system driver. 

e rec - Specifies a file system-recognized driver that 
identifies file systems used on the computer. 

e interact - Specifies a service that can interact with the 
desktop, receiving input from users. Interactive 
services must be run under the LocalSystem account. 
This type must be used in conjunction with type= 
own or type= shared (for example, type= interact 
type= own). Using type= interact by itself will 
generate an error. 


PARAMETER 


start= (boot | system | auto | demand | disabled | 
delayed-auto) 


error= (normal | severe | critical | ignore) 


binpath= <binarypathname> 


group= <loadordergroup> 


tag= {yes | no} 


depend= <dependencies> 


DESCRIPTION 


Specifies the start type for the service. The options include: 

© boot - Specifies a device driver that is loaded by the 
boot loader. 

e system - Specifies a device driver that is started 
during kernel initialization. 

e auto - Specifies a service that automatically starts 
each time the computer is restarted and runs even if 
no one logs on to the computer. 

e demand - Specifies a service that must be started 
manually. This is the default value if start= is not 
specified. 

e disabled - Specifies a service that cannot be started. 
To start a disabled service, change the start type to 
some other value. 

e delayed-auto - Specifies a service that starts 
automatically a short time after other auto services are 
started. 


Specifies the severity of the error if the service fails to start 

when the computer is started. The options include: 

© normal - Specifies that the error is logged and a 
message box is displayed, informing the user that a 
service has failed to start. Startup will continue. This is 
the default setting. 

e severe - Specifies that the error is logged (if possible). 
The computer attempts to restart with the last-known 
good configuration. This could result in the computer 
being able to restart, but the service may still be 
unable to run. 

© critical - Specifies that the error is logged (if possible). 
The computer attempts to restart with the last-known 
good configuration. If the last-known good 
configuration fails, startup also fails, and the boot 
process halts with a Stop error. 

e ignore - Specifies that the error is logged and startup 
continues. No notification is given to the user beyond 
recording the error in the Event Log. 


Specifies a path to the service binary file. There is no default 
for binpath=, and this string must be supplied. 


Specifies the name of the group of which this service is a 
member. The list of groups is stored in the registry, in the 
HKLM\System\CurrentControlSet\Control\ServiceGrou 
pOrder subkey. The default value is null. 


Specifies whether or not to obtain a TagID from the 
CreateService call. Tags are used only for boot-start and 
system-start drivers. 


Specifies the names of services or groups that must start 
before this service. The names are separated by forward 
slashes (/). 


PARAMETER 


obj= (<accountname> | <objectname>) 


displayname= <displayname> 


password= <password> 


P? 


Remarks 


DESCRIPTION 


Specifies a name of an account in which a service will run, or 
specifies a name of the Windows driver object in which the 
driver will run. The default setting is LocalSystem. 


Specifies a friendly name for identifying the service in user 
interface programs. For example, the subkey name of one 
particular service is wuauserv, which has a more friendly 
display name of Automatic Updates. 


Specifies a password. This is required if an account other than 
the LocalSystem account is used. 


Displays help at the command prompt. 


e Each command-line option (parameter) must include the equal sign as part of the option name. 


e A space is required between an option and its value (for example, type= own. If the space is omitted, the 


operation fails. 


Examples 


To create and register a new binary path for the NewService service, type: 


sc.exe \\myserver create NewService binpath= c:\windows\system32\NewServ.exe 


sc.exe create NewService binpath= c:\windows\system32\NewServ.exe type= share start= auto depend= +TDI NetBIOS 


Additional References 


e Command-Line Syntax Key 


sc.exe delete 
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Deletes a service subkey from the registry. If the service is running or if another process has an open handle to the 
service, the service is marked for deletion. 


NOTE 


We don't recommend you to use this command to delete built-in operating system services such as DHCP DNS, or Internet 


Information Services. To install, remove, or reconfigure operating system roles, services and components, see Install or 


Uninstall Roles, Role Services, or Features 





Syntax 


sc.exe [<servername>] delete [<servicename>] 


Parameters 
PARAMETER DESCRIPTION 
<servername> Specifies the name of the remote server on which the service 
is located. The name must use the Universal Naming 
Convention (UNC) format (for example, \myserver). To run 
SC.exe locally, don't use this parameter. 
<servicename> Specifies the service name returned by the getkeyname 
operation. 
R Displays help at the command prompt. 
Examples 


To delete the service subkey NewServ from the registry on the local computer, type: 


sc.exe delete NewServ 


Additional References 


e Command-Line Syntax Key 


SC.exe query 
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Obtains and displays information about the specified service, driver, type of service, or type of driver. 


Syntax 


Sc.exe [<servername>] query [<servicename>] [type= (driver | service | all)] [type= (own | share | interact | 
kernel | filesys | rec | adapt}] [state= {active | inactive | all}] [bufsize= <Buffersize>] [ri= 


<Resumeindex>] [group= <groupname>] 


Parameters 


PARAMETER 


<servername> 


<servicename> 


type= {driver service | all} 


type= {own | share | interact | kernel | filesys | 
rec | adapt} 


DESCRIPTION 


Specifies the name of the remote server on which the service 
is located. The name must use the Universal Naming 
Convention (UNC) format (for example, \myserver). To run 
SC.exe locally, don't use this parameter. 


Specifies the service name returned by the getkeyname 
operation. This query parameter isn't used in conjunction 
with other query parameters (other than servernamé). 


Specifies what to enumerate. The options include: 

e driver - Specifies that only drivers are enumerated. 

e service - Specifies only services are enumerated. This 
is the default value. 

e all - Specifies that both drivers and services are 
enumerated. 


Specifies the type of services or type of drivers to be 

enumerated. The options include: 

© own - Specifies a service that runs in its own process. 
It doesn't share an executable file with other services. 
This is the default value. 

e share - Specifies a service that runs as a shared 
process. It shares an executable file with other services. 

e kernel - Specifies a driver. 

e filesys - Specifies a file system driver. 

e rec - Specifies a file system-recognized driver that 
identifies file systems used on the computer. 

e interact - Specifies a service that can interact with the 
desktop, receiving input from users. Interactive 
services must be run under the LocalSystem account. 
This type must be used in conjunction with type= 
own or type= shared (for example, type= interact 
type= own). Using type= interact by itself will 
generate an error. 


PARAMETER DESCRIPTION 


state= {active | inactive | all} Specifies the started state of the service to be enumerated. 
The options include: 


@ active - Specifies all active services. This is the default 
value. 


e inactive - Specifies all paused or stopped services. 
@ all - Specifies all services. 


bufsize= <Buffersize> Specifies the size (in bytes) of the enumeration buffer. The 
default buffer size is 1,024 bytes. You should increase the size 
of the buffer when the display resulting from a query goes 
over 1,024 bytes. 


ris <Resumeindex> Specifies the index number at which enumeration is to begin 
or resume. The default value is 0 (zero). If more information is 
returned than what the default buffer can display, use this 
parameter with the bufsize= parameter. 


group= <Groupname> Specifies the service group to be enumerated. By default, all 
groups are enumerated. By default, all groups are enumerated 
(**group= **). 


/ Displays help at the command prompt. 


Remarks 


e Each command-line option (parameter) must include the equal sign as part of the option name. 


e A space is required between an option and its value (for example, type= own. If the space is omitted, the 
operation fails. 


e@ The query operation displays the following information about a service: SERVICE NAME (service's registry 
subkey name), TYPE, STATE (as well as states which are not available), WIN32_EXIT_B, SERVICE_EXIT_B, 
CHECKPOINT, and WAIT HINT. 


e Thetype= parameter can be used twice in some cases. The first appearance of the type= parameter 
specifies whether to query services, drivers, or both (all). The second appearance of the type= parameter 
specifies a type from the create operation to further narrow a query's scope. 


e When the display results from a query command exceed the size of the enumeration buffer, a message 
similar to the following is displayed: 
Enum: more data, need 1822 bytes start resume at index 79 
To display the remaining **query** information, rerun **query**, setting **bufsize=** to be the number 
of bytes and setting **ri=** to the specified index. For example, the remaining output would be 


displayed by typing the following at the command prompt: 


sc.exe query bufsize= 1822 ri= 79 


Examples 


To display information for active services only, type either of the following commands: 


sc.exe query 
sc.exe query type= service 


To display information for active services, and to specify a buffer size of 2,000 bytes, type: 
sc.exe query type= all bufsize= 2000 

To display information for the wuauserv service, type: 
sc.exe query wuauserv 

To display information for all services (active and inactive), type: 
sc.exe query state= all 

To display information for all services (active and inactive), beginning at line 56, type: 
sc.exe query state= all ri= 56 

To display information for interactive services, type: 
sc.exe query type= service type= interact 

To display information for drivers only, type: 
sc.exe query type= driver 

To display information for drivers in the Network Driver Interface Specitication (NDIS) group, type: 
sc.exe query type= driver group= NDIS 


Additional References 


e Command-Line Syntax Key 


schtasks commands 
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Schedules commands and programs to run periodically or at a specific time, adds and removes tasks from the 
schedule, starts and stops tasks on demand, and displays and changes scheduled tasks. 


NOTE 


The schtasks.exe tool performs the same operations as Scheduled Tasks in Control Panel. You can use these tools 
together and interchangeably. 





Required permissions 


e To schedule, view, and change all tasks on the local computer, you must be a member of the Administrators 
group. 


e To schedule, view, and change all tasks on the remote computer, you must be a member of the 


Administrators group on the remote computer, or you must use the /u parameter to provide the credentials 
of an Administrator of the remote computer. 


e You can use the /u parameter in a /create or /change operation if the local and remote computers are in 
the same domain, or if the local computer is in a domain that the remote computer domain trusts. 
Otherwise, the remote computer can't authenticate the user account specified, and it can't verify that the 
account is a member of the Administrators group. 


e The task you plan to run must have the appropriate permission; these permissions vary by task. By default, 
tasks run with the permissions of the current user of the local computer, or with the permissions of the user 
specified by the /u parameter, if one is included. o run a task with permissions of a different user account or 
with system permissions, use the /ru parameter. 


Syntax 


schtasks change 
schtasks create 
schtasks delete 
schtasks end 
schtasks query 
schtasks run 


Parameters 
PARAMETER DESCRIPTION 
schtasks change Changes one or more of the following properties of a task: 


e The program that the task runs (/tr) 

* The user account under which the task runs (/ru) 
* The password for the user account (/rp) 

e Adds the interactive-only property to the task (/it) 


schtasks create Schedules a new task. 


PARAMETER 
schtasks delete 
schtasks end 
schtasks query 


schtasks run 


Additional References 


e Command-Line Syntax Key 


DESCRIPTION 


Deletes a scheduled task. 


Stops a program started by a task. 


Displays tasks scheduled to run on the computer. 


Starts a scheduled task immediately. The run operation 
ignores the schedule, but uses the program file location, user 
account, and password saved in the task to run the task 
immediately. 


schtasks change 
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Changes one or more of the following properties of a task: 
e The program that the task runs (/tr) 

e The user account under which the task runs (/ru) 

e The password for the user account (/rp) 


e Adds the interactive-only property to the task (/it) 


Required permissions 


e To schedule, view, and change all tasks on the local computer, you must be a member of the Administrators 
group. 


e To schedule, view, and change all tasks on the remote computer, you must be a member of the 
Administrators group on the remote computer, or you must use the /u parameter to provide the credentials 
of an Administrator of the remote computer. 


e You can use the /u parameter in a /create or /change operation if the local and remote computers are in 
the same domain, or if the local computer is in a domain that the remote computer domain trusts. 
Otherwise, the remote computer can't authenticate the user account specified, and it can't verify that the 
account is a member of the Administrators group. 


e The task you plan to run must have the appropriate permission; these permissions vary by task. By default, 
tasks run with the permissions of the current user of the local computer, or with the permissions of the user 
specified by the /u parameter, if one is included. o run a task with permissions of a different user account or 
with system permissions, use the /ru parameter. 


Syntax 


schtasks /change /tn <Taskname> [/s <computer> [/u [<domain>\]<user> [/p <password>]]] [/ru <username>] [/rp 
<password>] [/tr <Taskrun>] [/st <Starttime>] [/ri <interval>] [{/et <Endtime> | /du <duration>} [/k]] [/sd 
<Startdate>] [/ed <Enddate>] [/{ENABLE | DISABLE}] [/it] [/z] 


Parameters 
PARAMETER DESCRIPTION 
/tn <Taskname> Identifies the task to be changed. Enter the task name. 
/S <computer> Specifies the name or IP address of a remote computer (with 


or without backslashes). The default is the local computer. 


PARAMETER 


/U [<domain>] 


/P <password> 


/ru <username> 


/rp <password> 


/tr <Taskrun> 


/St <«Starttime> 


fri <interval> 


Jet <Endtime> 


/du  <duration> 


/k 


/sd <Startdate> 


/ed <Enddate> 


DESCRIPTION 


Runs this command with the permissions of the specified user 
account. By default, the command runs with the permissions 
of the current user of the local computer. The specified user 
account must be a member of the Administrators group on 
the remote computer. The /u and /p parameters are valid 
only when you use /S. 


Specifies the password of the user account specified in the /u 
parameter. If you use the /u parameter without the /p 
parameter or the password argument, schtasks will prompt 
you for a password. The /u and /p parameters are valid only 
when you use /s. 


Changes the user name under which the scheduled task has 
to run. For the system account, valid values are ” "NT 
AUTHORITVYVSYSTEM", or "SYSTEM". 


Specifies a new password for the existing user account, or the 
user account specified by the /ru parameter. This parameter is 
ignored with used with the local System account. 


Changes the program that the task runs. Enter the fully 
qualified path and file name of an executable file, script file, or 
batch file. If you don't add the path, schtasks assumes that 
the file is in the <systemroot>\System32 directory. The 
specified program replaces the original program run by the 
task. 


Specifies the start time for the task, using the 24-hour time 
format, HH:mm. For example, a value of 14:30 is equivalent to 
the 12-hour time of 2:30 PM. 


Specifies the repetition interval for the scheduled task, in 
minutes. Valid range is 1 - 599940 (599940 minutes = 9999 
hours). If either the /et or /du parameters are specified, the 
default is 10 minutes. 


Specifies the end time for the task, using the 24-hour time 
format, HH:mm. For example, a value of 14:30 is equivalent to 
the 12-hour time of 2:30 PM. 


A value that specifies the duration to run the task. The time 
format is HH:mm (24-hour time). For example, a value of 
14:30 is equivalent to the 12-hour time of 2:30 PM. 


Stops the program that the task runs at the time specified by 
/et or /du. Without /k, schtasks doesn't start the program 
again after it reaches the time specified by /et or /du nor 
does it stop the program if it's still running. This parameter is 
optional and valid only with a MINUTE or HOURLY schedule. 


Specifies the first date on which the task should be run. The 
date format is MM/DD/YYYY. 


Specifies the last date on which the task should be run. The 
format is MM/DD/YYYY. 


PARAMETER DESCRIPTION 


/ENABLE Specifies to enable the scheduled task. 
/DISABLE Specifies to disable the scheduled task. 
/it Specifies to run the scheduled task only when the run as user 


(the user account under which the task runs) is logged on to 
the computer. This parameter has no effect on tasks that run 
with system permissions or tasks that already have the 
interactive-only property set. You can't use a change 
command to remove the interactive-only property from a 
task. By default, run as user is the current user of the local 
computer when the task is scheduled or the account specified 
by the /u parameter, if one is used. However, if the command 
includes the /ru parameter, then the run as user is the 
account specified by the /ru parameter. 


/z Specifies to delete the task upon the completion of its 
schedule. 
R Displays help at the command prompt. 
Remarks 


The /tn and /s parameters identify the task. The /tr, /ru, and /rp parameters specify properties of the task 
that you can change. 


The /ru and /rp parameters specify the permissions under which the task runs. The /u and /p parameters 
specify the permissions used to change the task. 


To change tasks on a remote computer, the user must be logged on to the local computer with an account 
that is a member of the Administrators group on the remote computer. 


To run a/change command with the permissions of a different user (/u, /p), the local computer must be in 
the same domain as the remote computer or must be in a domain that the remote computer domain trusts. 


The System account doesn't have interactive logon rights. Users don't see, and can't interact with, programs 
run with system permissions. To identify tasks with the /it property, use a verbose query (/query /v).Ina 
verbose query display of a task with /it, the Logon Mode field has a value of Interactive only. 


Examples 


To change the program that the Virus Check task runs from VirusCheck.exe to VirusCheck2.exe, type: 


schtasks /change /tn Virus Check /tr C:\VirusCheck2.exe 


This command uses the /tn parameter to identify the task and the /tr parameter to specify the new program for 


the task. (You can't change the task name.) 


To change the password of the user account for the RemindMe task on the remote computer, Svr07, type: 


schtasks /change /tn RemindMe /s Svr@1 /rp p@ssWord3 


This procedure is required whenever the password for a user account expires or changes. If the password saved in 


a 


task is no longer valid, then the task doesn't run. The command uses the /tn parameter to identify the task and 


the /s parameter to specify the remote computer. It uses the /rp parameter to specify the new password, 


pOssWorda3. 
To change the ChkNews task, which starts Notepad.exe every morning at 9:00 A.M., to start Internet Explorer 
instead, type: 


schtasks /change /tn ChkNews /tr c:\program files\Internet Explorer\iexplore.exe /ru DomainX\Admine1 


The command uses the /tn parameter to identify the task. It uses the /tr parameter to change the program that 
the task runs and the /ru parameter to change the user account under which the task runs. The /ru and /rp 
parameters, which provide the password for the user account, is not used. You must provide a password for the 
account, but you can use the /ru and /rp parameter and type the password in clear text, or wait for SchTasks.exe to 
prompt you for a password, and then enter the password in obscured text. 


To change the SecurityScript task so that it runs with permissions of the System account, type: 


schtasks /change /tn SecurityScript /ru 


The command uses the /ru parameter to indicate the System account. Because tasks run with System account 
permissions do not require a password, SchTasks.exe does not prompt for one. 


To add the interactive-only property to MyApp, an existing task, type: 


schtasks /change /tn MyApp /it 


This property assures that the task runs only when the run as user, that is, the user account under which the task 
runs, is logged on to the computer. The command uses the /tn parameter to identify the task and the /it 
parameter to add the interactive-only property to the task. Because the task already runs with the permissions of 
my user account, you don't need to change the /ru parameter for the task. 


Additional References 
e Command-Line Syntax Key 

e schtasks create command 

e schtasks delete command 

e schtasks end command 

e schtasks query command 


e schtasks run command 


schtasks create 
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Schedules a task. 


Syntax 


schtasks /create /sc <scheduletype> /tn <taskname> /tr <taskrun> [/s <computer> [/u [<domain>\]<user> [/p 
<password>]]] [/ru {[<domain>\]<user> | system}] [/rp <password>] [/mo <modifier>] [/d <day>[,<day>...] | *] 
[/m <month>[,<month>...]] [/i <idletime>] [/st <starttime>] [/ri <interval>] [{/et <endtime> | /du <duration>} 
[/k]] [/sd <startdate>] [/ed <enddate>] [/it] [/z] [/f] 


Parameters 


PARAMETER DESCRIPTION 


/SC <scheduletype> Specifies the schedule type. The valid values include: 

@ MINUTE - Specifies the number of minutes before the 
task should run. 

@ HOURLY - Specifies the number of hours before the 
task should run. 

© DAILY - Specifies the number of days before the task 
should run. 

© WEEKLY Specifies the number of weeks before the 
task should run. 

@ MONTHLY - Specifies the number of months before 
the task should run. 

e ONCE - Specifies that that task runs once at a 
specified date and time. 

© ONSTART - Specifies that the task runs every time 
the system starts. You can specify a start date, or run 
the task the next time the system starts. 

e ONLOGON - Specifies that the task runs whenever a 
user (any user) logs on. You can specify a date, or run 
the task the next time the user logs on. 

© ONIDLE - Specifies that the task runs whenever the 
system is idle for a specified period of time. You can 
specify a date, or run the task the next time the 
system is idle. 


/tn <taskname> Specifies a name for the task. Each task on the system must 
have a unique name and must conform to the rules for file 
names, not exceeding 238 characters. Use quotation marks to 
enclose names that include spaces. 


/tr <Taskrun> Specifies the program or command that the task runs. Type 
the fully qualified path and file name of an executable file, 
script file, or batch file. The path name must not exceed 262 
characters. If you don't add the path, schtasks assumes that 
the file is in the <systemroot>\System32 directory. 


/S <computer> Specifies the name or IP address of a remote computer (with 
or without backslashes). The default is the local computer. 


PARAMETER 


/uU [<domain>] 


/P <password> 


/ru ([<domain>V]<user> | system} 


/rp <password> 


DESCRIPTION 


Runs this command with the permissions of the specified user 
account. The default is the permissions of the current user of 
the local computer. The /u and /p parameters are valid only 
when you use /s. The permissions of the specified account are 
used to schedule the task and to run the task. To run the task 
with the permissions of a different user, use the /ru 
parameter. The user account must be a member of the 
Administrators group on the remote computer. Also, the local 
computer must be in the same domain as the remote 
computer, or must be in a domain that is trusted by the 
remote computer domain. 


Specifies the password of the user account specified in the /u 
parameter. If you use the /u parameter without the /p 
parameter or the password argument, schtasks will prompt 
you for a password. The /u and /p parameters are valid only 
when you use /s. 


Runs the task with permissions of the specified user account. 

By default, the task runs with the permissions of the current 

user of the local computer, or with the permission of the user 

specified by the /u parameter, if one is included. The /ru 

parameter is valid when scheduling tasks on local or remote 

computers. The valid options include: 

© Domain - Specifies an alternate user account. 

e System - Specifies the local System account, a highly 
privileged account used by the operating system and 
system services. 


Specifies a the password for the existing user account, or the 
user account specified by the /ru parameter. If you don't use 
this parameter when specifying a user account, SchTasks.exe 
will prompt you for the password next time you sign in. Don't 
use the /rp parameter for tasks that run with System account 
credentials (/ru System). The System account doesn't have a 
password and SchTasks.exe doesn't prompt for one. 


PARAMETER 


/mo <modifiers> 


/d DAYLDAV..] 


/m MONTHLMONTH...] 


DESCRIPTION 


Specifies how often the task runs within its schedule type. The 
valid options include: 


MINUTE - Specifies that the task runs every minutes. 
You can use any value between 1 - 1439 minutes. By 
default, this is 1 minute. 
HOURLY - Specifies that the task runs every hours. 
You can use any value between 1 - 23 hours. By 
default, this is 1 hour. 
DAILY - Specifies that the task runs every days. You 
can use any value between 1 - 365 days. By default, 
this is 1 day. 
WEEKLY - Specifies that the task runs every weeks. 
You can use any value between 1 - 52 weeks. By 
default, this is 1 week. 
MONTHLY - Specifies that the task runs every 
months. You can use any of the following values: 
e Anumber between 1 - 12 months 
e LASTDAY - To run the task on the last day of 
the month 
e FIRST, SECOND, THIRD, or FOURTH along 
with the /d <day> parameter - Specifies 
the particular week and day to run the task. 
For example, on the third Wednesday of the 
month. 


ONCE - Specifies that the task runs once. 
ONSTART - Specifies that the task runs at startup. 
ONLOGON - Specifies that the task runs when the 
user specified by the /u parameter logs on. 
ONIDLE - Specifies that the task runs after the 
system is idle for the number of minutes specified by 
the /i parameter 


Specifies how often the task runs within its schedule type. The 
valid options include: 


WEEKLY - Specifies that the task runs weekly by 
providing a value between 1-52 weeks. Optionally, you 
can also add a specific day of the week by adding a 
value of MON - SUN or a range of [MON - SUN...]). 
MONTHLY - Specifies that the task runs weekly each 
month by providing a value of FIRST, SECOND, THIRD, 
FOURTH, LAST. Optionally, you can also add a specific 
day of the week by adding a value of MON - SUN or 
by providing a number between 1 - 12 months. If you 
use this option, you can also add a specific day of the 
month, by providing a number between 1-31. 

NOTE: The date value of 1 - 31 is valid only 

without the /mo parameter, or if the /mo 

parameter is monthly (1 - 12). The default is day 1 
(the first day of the month). 


Specifies a month or months of the year during which the 
scheduled task should run. The valid options include JAN - 
DEC and * (every month). The /m parameter is valid only 
with a MONTHLY schedule. It's required when the LASTDAY 
modifier is used. Otherwise, it's optional and the default value 


is 


* (every month). 


PARAMETER 


/i 


/St <«Starttime> 


/ri <interval> 


/et <Endtime> 


/du <«duration> 


/k 


/sd 


DESCRIPTION 


Specifies how many minutes the computer is idle before the 
task starts. A valid value is a whole number from 1 to 999. 
This parameter is valid only with an ONIDLE schedule, and 
then it's required. 


Specifies the start time for the task, using the 24-hour time 
format, HH:mm. The default value is the current time on the 
local computer. The /st parameter is valid with MINUTE, 
HOURLY, DAILY, WEEKLY, MONTHLY, and ONCE schedules. It's 
required for a ONCE schedule. 


Specifies the repetition interval for the scheduled task, in 
minutes. This isn't applicable for schedule types: MINUTE, 
HOURLY, ONSTART, ONLOGON, and ONIDLE. Valid range is 1 
- 599940 (599940 minutes = 9999 hours). If either the /et or 
/du parameters are specified, the default is 10 minutes. 


Specifies the time of day that a minute or hourly task 
schedule ends in <HH:MM> 24-hour format. After the 
specified end time, schtasks does not start the task again until 
the start time recurs. By default, task schedules have no end 
time. This parameter is optional and valid only with a MINUTE 
or HOURLY schedule. 


Specifies a maximum length of time for a minute or hourly 
schedule in HHHH:MM 24-hour format. After the specified 
time elapses, schtasks does not start the task again until the 
start time recurs. By default, task schedules have no 
maximum duration. This parameter is optional and valid only 
with a MINUTE or HOURLY schedule. 


Stops the program that the task runs at the time specified by 
/et or /du. Without /k, schtasks doesn't start the program 
again after it reaches the time specified by /et or /du nor 
does it stop the program if it's still running. This parameter is 
optional and valid only with a MINUTE or HOURLY schedule. 


Specifies the date on which the task schedule starts. The 
default value is the current date on the local computer. The 
format for Startdate varies with the locale selected for the 
local computer in Regional and Language Options. Only 
one format is valid for each locale. The valid date formats 
include (be sure to choose the format most similar to the 
format selected for Short date in Regional and Language 
Options on the local computer): 
e <MM>//  - Specifies to use month-first formats, such 
as English (United States) and Spanish (Panama). 
6 <DD>// - Specifies to use day-first formats, such as 
Bulgarian and Dutch (Netherlands). 
e@ <YYYY>// - Specifies to use for year-first formats, 
such as Swedish and French (Canada). 


PARAMETER 


/ed <Enddate> 


/it 


/Z 
/t 
/ 


To schedule a task to run every <n> 


DESCRIPTION 


Specifies the date on which the schedule ends. This parameter 
is optional. It isn't valid in a ONCE, ONSTART, ONLOGON, or 
ONIDLE schedule. By default, schedules have no ending date. 
The default value is the current date on the local computer. 
The format for Enddate varies with the locale selected for the 
local computer in Regional and Language Options. Only 
one format is valid for each locale. The valid date formats 
include (be sure to choose the format most similar to the 
format selected for Short date in Regional and Language 
Options on the local computer): 
e <MM>//  - Specifies to use month-first formats, such 

as English (United States) and Spanish (Panama). 
© <DD>// - Specifies to use day-first formats, such as 

Bulgarian and Dutch (Netherlands). 
e <YYYY>// - Specifies to use for year-first formats, 

such as Swedish and French (Canada). 


Specifies to run the scheduled task only when the run as user 
(the user account under which the task runs) is logged on to 
the computer. This parameter has no effect on tasks that run 
with system permissions or tasks that already have the 
interactive-only property set. You can't use a change 
command to remove the interactive-only property from a 
task. By default, run as user is the current user of the local 
computer when the task is scheduled or the account specified 
by the /u parameter, if one is used. However, if the command 
includes the /ru parameter, then the run as user is the 
account specified by the /ru parameter. 


Specifies to delete the task upon the completion of its 
schedule. 


Specifies to create the task and suppress warnings if the 
specified task already exists. 


Displays help at the command prompt. 


minutes 


In a minute schedule, the /sc minute parameter is required. The /mo (modifier) parameter is optional and 


specifies the number of minutes between each run of the task. The default value for /mo is 7 (every minute). The 


/et (end time) and /du (duration) parameters are optional and can be used with or without the /k (end task) 


parameter. 


Examples 


e To schedule a security script, Sec.vbs, to run every 20 minutes, type: 


schtasks /create /sc minute /mo 20 /tn Security Script /tr \\central\data\scripts\sec.vbs 


Because this example doesn't include a starting date or time, the task starts 20 minutes after the command 


completes, and runs every 20 minutes thereafter whenever the system is running. Notice that the security 


script source file is located on a remote computer, but that the task is scheduled and executes on the local 


computer. 


e To schedule a security script, Sec.vbs, to run on the local computer every 100 minutes between 5:00 PM. 
and 7:59 A.M. each day, type: 


schtasks /create /tn Security Script /tr sec.vbs /sc minute /mo 100 /st 17:00 /et 08:00 /k 


This example uses the /sc parameter to specify a minute schedule and the /mo parameter to specify an 
interval of 100 minutes. It uses the /st and /et parameters to specify the start time and end time of each 
day's schedule. It also uses the /k parameter to stop the script if it's still running at 7:59 A.M. Without /k, 
schtasks wouldn't start the script after 7:59 A.M., but if the instance started at 6:20 A.M. was still running, it 
wouldn't stop it. 


To schedule a task to run every <n> hours 


In an hourly schedule, the /sc hourly parameter is required. The /mo (modifier) parameter is optional and 
specifies the number of hours between each run of the task. The default value for /mo is 7 (every hour). The /k 
(end task) parameter is optional and can be used with either /et (end at the specified time) or /du (end after the 
specified interval). 


Examples 


e To schedule the MyApp program to run every five hours, beginning on the first day of March 2002, type: 
schtasks /create /sc hourly /mo 5 /sd 03/01/2002 /tn My App /tr c:\apps\myapp.exe 


In this example, the local computer uses the English (Zimbabwe) option in Regional and Language 
Options, so the format for the start date is MM/DD/YYYY (03/01/2002). 


e To schedule the MyApp program to run hourly, beginning at five minutes past midnight, type: 
schtasks /create /sc hourly /st 00:05 /tn My App /tr c:\apps\myapp.exe 

e To schedule the MyApp program to run every 3 hours, for 10 hours total, type: 
schtasks /create /tn My App /tr myapp.exe /sc hourly /mo 3 /st 00:00 /du 0010:00 


In this example, the task runs at 12:00 A.M., 3:00 A.M., 6:00 A.M., and 9:00 A.M. Because the duration is 10 
hours, the task isn't run again at 12:00 PM. Instead, it starts again at 12:00 A.M. the next day. Also, because 
the program runs for just a few minutes, the /k parameter, which stops the program if it's still running 
when the duration expires, isn't necessary. 


To schedule a task to run every <n> days 


In a daily schedule, the /sc daily parameter is required. The /mo (modifier) parameter is optional and specifies 
the number of days between each run of the task. The default value for /mo is 7 (every day). 


Examples 


e To schedule the MyApp program to run once a day, every day, at 8:00 A.M. until December 31, 2021, type: 
schtasks /create /tn My App /tr c:\apps\myapp.exe /sc daily /st 08:09 /ed 31/12/2021 


In this example, the local computer system is set to the English (United Kingdom) option in Regional 
and Language Options, so the format for the end date is DD/MM/YYYY (31/12/2021). Additionally, 


because this example doesn't include the /mo parameter, the default interval of 7 is used to run the 


command every day. 


e To schedule the MyApp program to run every twelve days at 1:00 PM. (13:00) beginning on December 31, 
2021, type: 


schtasks /create /tn My App /tr c:\apps\myapp.exe /sc daily /mo 12 /sd 12/31/2002 /st 13:00 


In this example, the system is set to the English (Zimbabwe) option in Regional and Language 
Options, so the format for the end date is MM/DD/YYYY (12/31/2021). 


e To schedule a security script, Sec.vbs, to run every 70 days, type: 


schtasks /create /tn Security Script /tr sec.vbs /sc daily /mo 79 /it 


In this example, the /it parameter is used to specify that the task runs only when the user under whose 
account the task runs is logged onto the computer. Because the task runs with the permissions of a specific 
user account, this task only runs when that user is logged on. 


NOTE 


To identify tasks with the interactive-only (/it) property, use a verbose query (/query /v). In a verbose query display 


of a task with /it, the Logon Mode field has a value of Interactive only. 





To schedule a task to run every <n> weeks 


In a weekly schedule, the /sc weekly parameter is required. The /mo (modifier) parameter is optional and 
specifies the number of weeks between each run of the task. The default value for /mo is 7 (every week). 


Weekly schedules also have an optional /d parameter to schedule the task to run on specified days of the week, or 
on all days (). The default is MON (Monday). The every day () option is equivalent to scheduling a daily task. 


Examples 


e To schedule the MyApp program to run on a remote computer every six weeks, type: 
schtasks /create /tn My App /tr c:\apps\myapp.exe /sc weekly /mo 6 /s Server16 /u Adming1 


Because this example leaves out the /d parameter, the task runs on Mondays. This example also uses the /s 
parameter to specify the remote computer and the /u parameter to run the command with the permissions 
of the user's Administrator account. Additionally, because the /p parameter is left out, SchTasks.exe prompts 
the user for the Administrator account password, and because the command is run remotely, all paths in 
the command, including the path to MyApp.exe, refer to paths on the remote computer. 


e To schedule a task to run every other Friday, type: 
schtasks /create /tn My App /tr c:\apps\myapp.exe /sc weekly /mo 2 /d FRI 


This example uses the /mo parameter to specify the two-week interval and the /d parameter to specify the 
day of the week. To schedule a task that runs every Friday, leave out the /mo parameter or set it to 7. 


To schedule a task to run every <n> months 


In this schedule type, the /sc monthly parameter is required. The /mo (modifier) parameter, which specifies the 
number of months between each run of the task, is optional and the default is 7 (every month). This schedule type 
also has an optional /d parameter to schedule the task to run on a specified date of the month. The default is 7 
(the first day of the month). 


Examples 


e To schedule the MyApp program to run on the first day of every month, type: 


schtasks /create /tn My App /tr myapp.exe /sc monthly 
The default value for both the /mo (modifier) parameter and the /d (day) parameter is 7, so you don't need 
to use either of those parameters for this example. 


e To schedule the MyApp program to run every three months, type: 
schtasks /create /tn My App /tr c:\apps\myapp.exe /sc monthly /mo 3 


This example uses the /mo parameter to specify an interval of 3 months. 


@ To schedule the MyApp program to run every other month on the 21st day of the month at midnight for a 
year, from July 2, 2002 to June 30, 2003, type: 


schtasks /create /tn My App /tr c:\apps\myapp.exe /sc monthly /mo 2 /d 21 /st 00:00 /sd 2002/07/01 /ed 
2003/06/30 


This example uses the /mo parameter to specify the monthly interval (every two months), the /d 
parameter to specify the date, the /st parameter to specify the time, and the /sd and /ed parameters to 
specify the start date and end date, respectively. Also in this example, the local computer is set to the 
English (South Africa) option in Regional and Language Options, so the dates are specified in the 
local format, YYYY/MM/DD. 


To schedule a task to run on a specific day of the week 


The day of the week schedule is a variation of the weekly schedule. In a weekly schedule, the /sc weekly 

parameter is required. The /mo (modifier) parameter is optional and specifies the number of weeks between each 

run of the task. The default value for /mo is 7 (every week). The /d parameter, which is optional, schedules the 

task to run on specified days of the week, or on all days (*) . The default is WON (Monday). The every day option 
(/d *) is equivalent to scheduling a daily task. 


Examples 


e To schedule the MyApp program to run every week on Wednesday, type: 


schtasks /create /tn My App /tr c:\apps\myapp.exe /sc weekly /d WED 


This example uses the /d parameter to specify the day of the week. Because the command leaves out the 
/mo parameter, the task runs every week. 


e To schedule a task to run on Monday and Friday of every eighth week, type: 
schtasks /create /tn My App /tr c:\apps\myapp.exe /sc weekly /mo 8 /d MON,FRI 


This example uses the /d parameter to specify the days and the /mo parameter to specify the eight-week 


interval. 


To schedule a task to run on a specific week of the month 


In this schedule type, the /sc monthly parameter, the /mo (modifier) parameter, and the /d (day) parameter are 
required. The /mo (modifier) parameter specifies the week on which the task runs. The /d parameter specifies the 
day of the week. You can specify only one day of the week for this schedule type. This schedule also has an 
optional /m (month) parameter that lets you schedule the task for particular months or every month (*) . The 
default for the /m parameter is every month (*) . 

Examples 


e To schedule the MyApp program to run on the second Sunday of every month, type: 
schtasks /create /tn My App /tr c:\apps\myapp.exe /sc monthly /mo SECOND /d SUN 


This example uses the /mo parameter to specify the second week of the month and the /d parameter to 
specify the day. 


e To schedule the MyApp program to run on the first Monday in March and September, type: 
schtasks /create /tn My App /tr c:\apps\myapp.exe /sc monthly /mo FIRST /d MON /m MAR,SEP 


This example uses the /mo parameter to specify the first week of the month and the /d parameter to 
specify the day. It uses the /m parameter to specify the month, separating the month arguments with a 
comma. 


To schedule a task to run on a specific day each month 


In this schedule type, the /sc monthly parameter and the /d (day) parameter are required. The /d parameter 
specifies a date of the month (1 - 31), not a day of the week, and you can specify only one day in the schedule. The 
/m (month) parameter is optional, with the default being every month (), while the /mo (modifier) parameter isn't 
valid with this schedule type. 


Schtasks.exe won't let you schedule a task for a date that's not in a month specified by the /m parameter. For 
example, trying to schedule the 31st day of February. However, if you don't use the /m parameter, and schedule a 
task for a date that doesn't appear in every month, then the task won't run in the shorter months. To schedule a 
task for the last day of the month, use the last day schedule type. 


Examples 


e To schedule the MyApp program to run on the first day of every month, type: 
schtasks /create /tn My App /tr c:\apps\myapp.exe /sc monthly 


Because the default modifier is none (no modifier), this command uses the default day of 7, and the default 


month of every month, without requiring any additional parameters. 


e To schedule the MyApp program to run on May 15 and June 15 at 3:00 PM. (15:00), type: 
schtasks /create /tn My App /tr c:\apps\myapp.exe /sc monthly /d 15 /m MAY,JUN /st 15:00 


This example uses the /d parameter to specify the date and the /m parameter to specify the months. It also 
uses the /st parameter to specify the start time. 


To schedule a task to run on the last day of a month 


In the last day schedule type, the /sc monthly parameter, the /mo LASTDAY (modifier) parameter, and the /m 
(month) parameter are required. The /d (day) parameter isn't valid. 


Examples 


e To schedule the MyApp program to run on the last day of every month, type: 
schtasks /create /tn My App /tr c:\apps\myapp.exe /sc monthly /mo lastday /m * 


This example uses the /mo parameter to specify the last day and the /m parameter with the wildcard 
character (*) to indicate that the program runs every month. 


e To schedule the MyApp program to run on the last day of February and the last day of March at 6:00 PM., 
type: 


schtasks /create /tn My App /tr c:\apps\myapp.exe /sc monthly /mo lastday /m FEB,MAR /st 18:00 


This example uses the /mo parameter to specify the last day, the /m parameter to specify the months, and 
the /st parameter to specify the start time. 


To schedule to run once 


In the run-once schedule type, the /sc once parameter is required. The /st parameter, which specifies the time 
that the task runs, is required. The /sd parameter, which specifies the date that the task runs, is optional, while the 
/mo (modifier) and /ed (end date) parameters aren't valid. 


Schtasks won't let you schedule a task to run once if the date and time specified are in the past, based on the time 
of the local computer. To schedule a task that runs once on a remote computer in a different time zone, you must 
schedule it before that date and time occurs on the local computer. 


Example 


e To schedule the MyApp program to run at midnight on January 1, 2003, type: 
schtasks /create /tn My App /tr c:\apps\myapp.exe /sc once /sd 01/01/2003 /st 00:00 


This example uses the /sc parameter to specify the schedule type and the /sd and /st parameters to specify 
the date and time. Also in this example, the local computer uses the English (United States) option in 
Regional and Language Options, the format for the start date is MM/DD/YYYY. 


To schedule a task to run every time the system starts 


In the on-start schedule type, the /sc onstart parameter is required. The /sd (start date) parameter is optional 
and the default is the current date. 


Example 


e To schedule the MyApp program to run every time the system starts, beginning on March 15, 2001, type: 
schtasks /create /tn My App /tr c:\apps\myapp.exe /sc onstart /sd 03/15/2001 


In this example, the local computer uses the English (United States) option in Regional and Language 
Options, the format for the start date is MM/DD/YYYY. 


To schedule a task to run when a user logs on 


The on logon schedule type schedules a task that runs whenever any user logs on to the computer. In the on logon 
schedule type, the /sc onlogon parameter is required. The /sd (start date) parameter is optional and the default 
is the current date. 


Example 


e To schedule a task that runs when a user logs on to a remote computer, type: 
schtasks /create /tn Start Web Site /tr c:\myiis\webstart.bat /sc onlogon /s Server23 


This example schedules a batch file to run every time a user (any user) logs on to the remote computer. It 
uses the /s parameter to specify the remote computer. Because the command is remote, all paths in the 
command, including the path to the batch file, refer to a path on the remote computer. 


To schedule a task to run when the system is idle 


The on idle schedule type schedules a task that runs whenever there is no user activity during the time specified by 
the /i parameter. In the on idle schedule type, the /sc onidle parameter and the /i parameter are required. The 
/sd (start date) is optional and the default is the current date. 


Example 


e To schedule the MyApp program to run whenever the computer is idle, type: 
schtasks /create /tn My App /tr c:\apps\myapp.exe /sc onidle /i 10 


This example uses the required /i parameter to specify that the computer must remain idle for ten minutes 
before the task starts. 


To schedule a task to run now 


Schtasks doesn't have a Run Now option, but you can simulate that option by creating a task that runs once and 
starts in a few minutes. 


Example 


e To schedule a task to run once, on November 13, 2020 at 2:18 PM. local time, type: 
schtasks /create /tn My App /tr c:\apps\myapp.exe /sc once /st 14:18 /sd 11/13/2002 


In this example, the local computer uses the English (United States) option in Regional and Language 
Options, so the format for the start date is MM/DD/YYYY. 


To schedule a task that runs with different permissions 


You can schedule tasks of all types to run with permissions of an alternate account on both the local and a remote 
computer. In addition to the parameters required for the particular schedule type, the /ru parameter is required 
and the /rp parameter is optional. 

Examples 


e To run the MyApp program on the local computer, type: 


schtasks /create /tn My App /tr myapp.exe /sc weekly /d TUE /ru Admine6 


This example uses the /ru parameter to specify that the task should run with the permissions of the user's 
Administrator account (Adm/n06). Also in this example, the task is scheduled to run every Tuesday, but you 
can use any schedule type for a task run with alternate permissions. 


In response, SchTasks.exe prompts for the run as password for the Admin06 account, and then displays a 
Success message: 


Please enter the run as password for Adminø6: *****x* 
SUCCESS: The scheduled task My App has successfully been created. 


To run the MyApp program on the Marketing computer every four days, type: 


schtasks /create /tn My App /tr myapp.exe /sc daily /mo 4 /s Marketing /u Marketing\Admine1 /ru 
Reskits\User@1 


This example uses the /sc parameter to specify a daily schedule, and the /mo parameter to specify an 
interval of four days. Additionally, this example uses the /s parameter to provide the name of the remote 
computer and the /u parameter to specify an account with permission to schedule a task on the remote 
computer (Admin07 on the Marketing computer). Finally, this example uses the /ru parameter to specify 
that the task should run with the permissions of the user's non-Administrator account (User07 in the 
Reskits domain). Without the /ru parameter, the task would run with the permissions of the account 
specified by /u. 


When running this example, Schtasks first requests the password of the user named by the /u parameter 
(to run the command) and then requests the password of the user named by the /ru parameter (to run the 
task). After authenticating the passwords, schtasks displays a message indicating that the task is scheduled: 


Type the password for Marketing\Admin@1: ******** 
Please enter the run as password for Reskits\UserQ@1: ******** 
SUCCESS: The scheduled task My App has successfully been created. 


To run schedule the AdminCheck.exe program to run on the Public computer every Friday at 4:00 A.M., but 
only if the administrator of the computer is logged on, type: 


schtasks /create /tn Check Admin /tr AdminCheck.exe /sc weekly /d FRI /st 04:00 /s Public /u 
Domain3\Admin@6 /ru Public\Admine1 /it 


This example uses the /sc parameter to specify a weekly schedule, the /d parameter to specify the day, and 
the /st parameter to specify the start time. It also uses the /s parameter to provide the name of the remote 
computer, the /u parameter to specify an account with permission to schedule a task on the remote 
computer, the /ru parameter to configure the task to run with the permissions of the administrator of the 
Public computer (Public\Admin07), and the /it parameter to indicate that the task runs only when the 
Public\Admin07 account is logged on. 





NOTE 


To identify tasks with the interactive-only (/it) property, use a verbose query ( /query /v ). In a verbose query 


display of a task with /it, the Logon Mode field has a value of Interactive only. 





To schedule a task that runs with system permissions 


Tasks of all types can run with permissions of the System account on both the local and a remote computer. In 
addition to the parameters required for the particular schedule type, the /ru system (or /ru) parameter is 
required, while the /rp parameter isn't valid. 


IMPORTANT 
The System account doesn't have interactive logon rights. Users can't see or interact with programs or tasks run with 
system permissions. The /ru parameter determines the permissions under which the task runs, not the permissions used to 


schedule the task. Only Administrators can schedule tasks, regardless of the value of the /ru parameter. 


To identify tasks that run with system permissions, use a verbose query ( /query /v ). In a verbose query display of a 
system-run task, the Run As User field has a value of NT AUTHORITY\SYSTEM and the Logon Mode field has a value 
of Background only. 





Examples 


e To schedule the MyApp program to run on the local computer with permissions of the System account, 


type: 


schtasks /create /tn My App /tr c:\apps\myapp.exe /sc monthly /d 15 /ru System 


In this example, the task is scheduled to run on the fifteenth day of every month, but you can use any 
schedule type for a task run with system permissions. Additionally, this example uses the /ru System 
parameter to specify the system security context. Because system tasks don't use a password, the /rp 
parameter is left out. 


In response, SchTasks.exe displays an informational message and a success message, without prompting for 
a password: 


INFO: The task will be created under user name (NT AUTHORITY\SYSTEM). 
SUCCESS: The Scheduled task My App has successfully been created. 


e To schedule the MyApp program to run on the Finance07 computer every morning at 4:00 A.M, using 
system permissions, type: 


schtasks /create /tn My App /tr myapp.exe /sc daily /st 04:00 /s Finance@1 /u Admin@1 /ru System 


This example uses the /tn parameter to name the task and the /tr parameter to specify the remote copy of 
the MyApp program, the /sc parameter to specify a daily schedule, but leaves out the /mo parameter 
because 7 (every day) is the default. This example also uses the /st parameter to specify the start time, 
which is also the time the task will run each day, the /s parameter to provide the name of the remote 
computer, the /u parameter to specify an account with permission to schedule a task on the remote 
computer, and the /ru parameter to specify that the task should run under the System account. Without the 
/ru parameter, the task would run using the permissions of the account specified by the /u parameter. 


Schtasks.exe requests the password of the user named by the /u parameter and, after authenticating the 
password, displays a message indicating that the task is created and that it will run with permissions of the 
System account: 





Type the password for AdminØ1l:******kk 


INFO: The Schedule Task My App will be created under user name (NT AUTHORITY\ 
SYSTEM). 
SUCCESS: The scheduled task My App has successfully been created. 


To schedule a task that runs more than one program 


Each task runs only one program. However, you can create a batch file that runs multiple programs and then 
schedule a task to run the batch file. 


. Using a text editor, such as Notepad, create a batch file that includes the name and fully-qualified path to 


the .exe file required to start the Event Viewer (Eventvwrexe) and System Monitor (Perfmon.exe) programs. 


C: \Windows\System32\Eventvwr.exe 
C:\Windows \System32\Perfmon. exe 


Save the file as MyApps.bat open schtasks.exe, and then create a task to run MyApps.bat by typing: 


schtasks /create /tn Monitor /tr C:\MyApps.bat /sc onlogon /ru Reskit\Administrator 


This command creates the Monitor task, which runs whenever anyone logs on. It uses the /tn parameter to 
name the task, the /tr parameter to run MyApps.bat, the /sc parameter to indicate the OnLogon schedule 
type and the /ru parameter to run the task with the permissions of the user's Administrator account. 


As a result of this command, whenever a user logs on to the computer, the task starts both Event Viewer 
and System Monitor. 


To schedule a task that runs on a remote computer 


To schedule a task to run on a remote computer, you must add the task to the remote computer's schedule. Tasks 


of all types can be scheduled on a remote computer, but the following conditions must be met: 


You must have permission to schedule the task. As such, you must be logged on to the local computer with 
an account that is a member of the Administrators group on the remote computer, or you must use the /u 
parameter to provide the credentials of an Administrator of the remote computer. 


You can use the /u parameter only when the local and remote computers are in the same domain or the 
local computer is in a domain that the remote computer domain trusts. Otherwise, the remote computer 
cannot authenticate the user account specified and it cannot verify that the account is a member of the 
Administrators group. 


The task must have sufficient permission to run on the remote computer. The permissions required vary 
with the task. By default, the task runs with the permission of the current user of the local computer or, if 
the /u parameter is used, the task runs with the permission of the account specified by the /u parameter. 
However, you can use the /ru parameter to run the task with permissions of a different user account or with 
system permissions. 


Examples 


To schedule the MyApp program (as an administrator) to run on the SRVO7 remote computer every ten 
days starting immediately,type: 


schtasks /create /s SRV@1 /tn My App /tr c:\program files\corpapps\myapp.exe /sc daily /mo 10 


This example uses the /s parameter to provide the name of the remote computer. Because the local current 
user is an Administrator of the remote computer, the /u parameter, which provides alternate permissions 
for scheduling the task, isn't necessary. 


NOTE 


When scheduling tasks on a remote computer, all parameters refer to the remote computer. Therefore, the file 


specified by the /tr parameter refers to the copy of MyApp.exe on the remote computer. 





e To schedule the MyApp program (as a user) to run on the SRVO6 remote computer every three hours, type: 


schtasks /create /s SRV@6 /tn My App /tr c:\program files\corpapps\myapp.exe /sc hourly /mo 3 /u 
reskits\admine1l /p R43253@4$ /ru SRV@6\user@3 /rp MyFav!!Pswd 


Because Administrator permissions are required to schedule a task, the command uses the /u and /p 
parameters to provide the credentials of the user's Administrator account (Admin07 in the Reskits domain). 
By default, these permissions are also used to run the task. However, because the task does not need 
Administrator permissions to run, the command includes the /u and /rp parameters to override the default 
and run the task with permission of the user's non-Administrator account on the remote computer. 


e To schedule the MyApp program (as a user) to run on the SRVO2 remote computer on the last day of every 
month. 


schtasks /create /s SRV@2 /tn My App /tr c:\program files\corpapps\myapp.exe /sc monthly /mo LASTDAY /m 
* /u reskits\admine1 


Because the local current user (user03) isn't an Administrator of the remote computer, the command uses 
the /u parameter to provide the credentials of the user's Administrator account (Admin01 in the Reskits 
domain). The Administrator account permissions will be used to schedule the task and to run the task. 


Because the command did not include the /p (password) parameter, schtasks prompts for the password. 


Then it displays a success message and, in this case, a warning: 


Type the password for reskits\admin@1: ******** 


SUCCESS: The scheduled task My App has successfully been created. 
WARNING: The scheduled task My App has been created, but may not run because the account information 
could not be set. 


This warning indicates that the remote domain could not authenticate the account specified by the /u 
parameter. In this case, the remote domain could not authenticate the user account because the local 
computer isn't a member of a domain that the remote computer domain trusts. When this occurs, the task 
job appears in the list of scheduled tasks, but the task is actually empty and it won't run. 


The following display from a verbose query exposes the problem with the task. In the display, note that the 
value of Next Run Time is Never and that the value of Run As User is Could not be retrieved from 
the task scheduler database. 


Had this computer been a member of the same domain or a trusted domain, the task would have been 
successfully scheduled and would have run as specified. 


HostName: SRV44 

TaskName: My App 

Next Run Time: Never 

Status: 

Logon mode: Interactive/Background 

Last Run Time: Never 

Last Result: 0 

Creator: user@3 

Schedule: At 3:52 PM on day 31 of every month, start 
starting 12/14/2001 

Task To Run: c:\program files\corpapps\myapp.exe 
Start In: myapp.exe 

Comment: N/A 

Scheduled Task State: Disabled 

Scheduled Type: Monthly 

Start Time: 3:52:00 PM 

Start Date: 12/14/2001 

End Date: N/A 

Days: 31 

Months: JAN,FEB,MAR,APR,MAY, JUN, JUL,AUG,SEP,OCT,NO 
V,DEC 

Run As User: Could not be retrieved from the task sched 
uler database 

Delete Task If Not Rescheduled: Enabled 

Stop Task If Runs X Hours and X Mins: 72:0 
Repeat: Every: Disabled 

Repeat: Until: Time: Disabled 

Repeat: Until: Duration: Disabled 

Repeat: Stop If Still Running: Disabled 

Idle Time: Disabled 

Power Management: Disabled 


Remarks 


e Torun the /create command with the permissions of a different user, use the /u parameter. The /u 


parameter is valid only for scheduling tasks on remote computers. 
To view more schtasks /create examples, type schtasks /create /? ata command prompt. 


To schedule a task that runs with permissions of a different user, use the /ru parameter. The /ru parameter 
is valid for tasks on local and remote computers. 


To use the /u parameter, the local computer must be in the same domain as the remote computer or it must 
be in a domain that the remote computer domain trusts. Otherwise, either the task isn't created, or the task 
job is empty and the task doesn't run. 


Schtasks always prompts for a password unless you provide one, even when you schedule a task on the 
local computer using the current user account. This is normal behavior for schtasks. 


Schtasks doesn't verify program file locations or user account passwords. If you don't enter the correct file 
location or the correct password for the user account, the task is created, but it won't run. Also, if the 
password for an account changes or expires, and you don't change the password saved in the task, then the 
task won't run. 


The System account doesn't have interactive logon rights. Users don't see and can't interact with programs 
run with system permissions. 


Each task runs only one program. However, you can create a batch file that starts multiple tasks, and then 
schedule a task that runs the batch file. 


You can test a task as soon as you create it. Use the run operation to test the task and then check the 
SchedLgU.txt file (SystemRoot\SchedLgU txt) for errors. 


Additional References 


Command-Line Syntax Key 
schtasks change command 
schtasks delete command 
schtasks end command 
schtasks query command 


schtasks run command 


schtasks delete 
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Deletes a scheduled task from the schedule. This command doesn't delete the program that the task runs or 


interrupt a running program. 


Syntax 


schtasks /delete /tn {<taskname> | *} [/f] [/s <computer> [/u [<domain>\]<user> [/p <password>]]] 


Parameters 

PARAMETER DESCRIPTION 

/tn {<taskname> | *} Identifies the task to be deleted. If you use the * , this 
command deletes all tasks scheduled for the computer, not 
just the tasks scheduled by the current user. 

/f Suppresses the confirmation message. The task is deleted 
without warning. 

/S <computer> Specifies the name or IP address of a remote computer (with 
or without backslashes). The default is the local computer. 

/U [<domain>] Runs this command with the permissions of the specified user 
account. By default, the command runs with the permissions 
of the current user of the local computer. The specified user 
account must be a member of the Administrators group on 
the remote computer. The /u and /p parameters are valid 
only when you use /s. 

/P <password> Specifies the password of the user account specified in the /u 
parameter. If you use the /u parameter without the /p 
parameter or the password argument, schtasks will prompt 
you for a password. The /u and /p parameters are valid only 
when you use /s. 

1? Displays help at the command prompt. 

Examples 


To delete the Start Mail task from the schedule of a remote computer. 


schtasks /delete /tn Start Mail /s Svr16 


This command uses the /s parameter to identify the remote computer. 


To delete all tasks from the schedule of the local computer, including tasks scheduled by other users. 


schtasks /delete /tn * /f 


This command uses the /tn * parameter to represent all tasks on the computer and the /f parameter to suppress 
the confirmation message. 


Additional References 
e Command-Line Syntax Key 

e schtasks change command 

e schtasks create command 

e schtasks end command 

e schtasks query command 


e schtasks run command 


schtasks end 


11/2/2020 * 2 minutes to read * Edit Online 





Stops only the instances of a program started by a scheduled task. To stop other processes, you must use the 
TaskKill command. 


Syntax 


schtasks /end /tn <taskname> [/s <computer> [/u [<domain>\]<user> [/p <password>]]] 


Parameters 

PARAMETER DESCRIPTION 

/tn <taskname> Identifies the task that started the program. This parameter is 
required. 

/S <computer> Specifies the name or IP address of a remote computer (with 
or without backslashes). The default is the local computer. 

/U [<domain>] Runs this command with the permissions of the specified user 
account. By default, the command runs with the permissions 
of the current user of the local computer. The specified user 
account must be a member of the Administrators group on 
the remote computer. The /u and /p parameters are valid 
only when you use /s. 

/P <password> Specifies the password of the user account specified in the /u 
parameter. If you use the /u parameter without the /p 
parameter or the password argument, schtasks will prompt 
you for a password. The /u and /p parameters are valid only 
when you use /s. 

/? Displays help at the command prompt. 

Examples 


To stop the instance of Notepad.exe started by the My Notepad task, type: 
schtasks /end /tn "My Notepad" 
To stop the instance of Internet Explorer started by the /nternetOn task on the remote computer, Svr07,type: 


schtasks /end /tn InternetOn /s Svr@1 


Additional References 


e Command-Line Syntax Key 


schtasks change command 
schtasks create command 
schtasks delete command 
schtasks query command 


schtasks run command 


eg eV SA 
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Lists all the tasks scheduled to run on the computer. 


Syntax 


schtasks [/query] [/fo (TABLE | LIST | CSV)] [/nh] [/v] [/s <computer> [/u [<domain>\]<user> [/p 
<password>]]] 


Parameters 

PARAMETER DESCRIPTION 

/query Optionally, specifies the name of the operation. Using this 
query without an parameters performs a query. 

/fo <format> Specifies the output format. The valid values are TABLE, LIST, 
or CSV. 

/nh Removes column headings from the table display. This 
parameter is valid with the TABLE or CSV output formats. 

N Adds the advanced properties of the task to the display. This 
parameter is valid with the L/STor CSV output formats. 

/S <computer> Specifies the name or IP address of a remote computer (with 
or without backslashes). The default is the local computer. 

/u [<domain>] Runs this command with the permissions of the specified user 
account. By default, the command runs with the permissions 
of the current user of the local computer. The specified user 
account must be a member of the Administrators group on 
the remote computer. The /u and /p parameters are valid 
only when you use /s. 

/P <password> Specifies the password of the user account specified in the /u 
parameter. If you use the /u parameter without the /p 
parameter or the password argument, schtasks will prompt 
you for a password. The /u and /p parameters are valid only 
when you use /s. 

R Displays help at the command prompt. 

Examples 


To list all tasks scheduled for the local computer,type: 


schtasks 
schtasks /query 


These commands produce the same result and can be used interchangeably. 


To request a detailed display of the tasks on the local computer,type: 


schtasks /query /fo LIST /v 


This command uses the /v parameter to request a detailed (verbose) display and the /fo LIST parameter to 
format the display as a list for easy reading. You can use this command to verify that a task you created has the 
intended recurrence pattern. 


To request a list of tasks scheduled for a remote computer and to add the tasks to a comma-separated log file on 
the local computer, type: 


schtasks /query /s Reskit16 /fo csv /nh >> \\svr01\data\tasklogs\pe102.csv 


You can use this command format to collect and track tasks that are scheduled for multiple computers. This 
command uses the /s parameter to identify the remote computer, Reskit76, the /fo parameter to specify the 
format and the /nh parameter to suppress the column headings. The > > append symbol redirects the output to 
the task log, p0102.csv, on the local computer, Svr07. Because the command runs on the remote computer, the 
local computer path must be fully qualified. 


Additional References 
e Command-Line Syntax Key 

e schtasks change command 

e schtasks create command 

e schtasks delete command 

e schtasks end command 


e schtasks run command 


schtasks run 
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Starts a scheduled task immediately. The run operation ignores the schedule, but uses the program file location, 
user account, and password saved in the task to run the task immediately. Running a task does not affect the task 
schedule and does not change the next run time scheduled for the task. 


Syntax 


schtasks /run /tn <taskname> [/s <computer> [/u [<domain>\]<user> [/p <password>]]] 


Parameters 

PARAMETER DESCRIPTION 

/tn <taskname> Identifies the task to start. This parameter is required. 

/S <computer> Specifies the name or IP address of a remote computer (with 
or without backslashes). The default is the local computer. 

/U [<domain>] Runs this command with the permissions of the specified user 
account. By default, the command runs with the permissions 
of the current user of the local computer. The specified user 
account must be a member of the Administrators group on 
the remote computer. The /u and /p parameters are valid 
only when you use /s. 

/P <password> Specifies the password of the user account specified in the /u 
parameter. If you use the /u parameter without the /p 
parameter or the password argument, schtasks will prompt 
you for a password. The /u and /p parameters are valid only 
when you use /s. 

/? Displays help at the command prompt. 

Remarks 


e Use this operation to test your tasks. If a task doesn't run, check the Task Scheduler Service transaction log, 
<Systemroot>\SchedLgu. txt for errors. 


e Torun a task remotely, the task must be scheduled on the remote computer. When you run the task, it runs 
only on the remote computer. To verify that a task is running on a remote computer, use Task Manager or 
the Task Scheduler Service transaction log, <Systemroot>\SchedLguU.txt . 


Examples 


To start the Security Script task, type: 
schtasks /run /tn Security Script 


To start the Update task on a remote computer, Svr01, type: 


schtasks /run /tn Update /s Svr@1 


Additional References 


Command-Line Syntax Key 
schtasks change command 
schtasks create command 
schtasks delete command 
schtasks end command 


schtasks query command 


scwcmd 
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Applies to: Windows Server 2012 R2 and Windows Server 2012 
The Scwcmd.exe command-line tool included with the Security Configuration Wizard (SCW) can be used to 
perform the following tasks: 
e Analyze one or many servers with an SCW-generated policy. 
e Configure one or many servers with an SCW-generated policy. 
e Register a Security Configuration Database extension with SCW. 
e Rollback SCW policies. 
e Transform an SCW-generated policy into native files that are supported by Group Policy. 


e View analysis results in HTML format. 


NOTE 


If you use scwcmd to configure, analyze, or roll back a policy on a remote server, SCW must be installed on the remote 
server. 





Syntax 


scwcmd analyze 
scwcmd configure 
scwcmd register 
scwcmd rollback 
scwcmd transform 
scwcmd view 


Parameters 

PARAMETER DESCRIPTION 

scwcmd analyze Determines whether a computer is in compliance with a policy. 

scwcmd configure Applies an SCW-generated security policy to a computer. 

scwcmd register Extends or customizes the SCW Security Configuration 
Database by registering a Security Configuration Database file 
that contains role, task, service, or port definitions. 

scwcmd rollback Applies the most recent rollback policy available, and then 
deletes that rollback policy. 

scwcmd transform Transforms a security policy file generated by using SCW into a 


new Group Policy object (GPO) in Active Directory Domain 
Services. 


PARAMETER DESCRIPTION 


scwcmd view Renders an .xml file by using a specified .xs! transform. 


Additional References 


e Command-Line Syntax Key 


scwcmd analyze 
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Applies to: Windows Server 2012 R2 and Windows Server 2012 


Determines whether a computer is in compliance with a policy. Results are returned in an .xml file. 


This command also accepts a list of computer names as input. To view the results in your browser, use scwcmd 


view and specify *windir%\security\msscw\TransformFiles\scwanalysis.xsl as the .xsl transform. 


Syntax 


scwcmd analyze [[[/m:<computername> | /ou:<OuName>] /p:<policy>] | /i:<computerlist>] [/o:<resultdir>] [/u: 
<username>] [/pw:<password>] [/t:<threads>] [/1] [/e] 


Parameters 


PARAMETER DESCRIPTION 


/m: <computername> Specifies the NetBIOS name, DNS name, or IP address of the 
computer to analyze. If the /m parameter is specified, then 
the /p parameter must also be specified. 


/ou: <OuName> Specifies the fully qualified domain name (FQDN) of an 
organizational unit (OU) in Active Directory Domain Services. 
If the /ou parameter is specified, then the /p parameter must 
also be specified. All computers in the OU will be analyzed 
against the given policy. 


/p: <policy> Specifies the path and file name of the .xml policy file to be 
used to perform the analysis. 


/i: <computerlist> Specifies the path and file name of an .xml file that contains a 
list of computers along with their expected policy files. All 
computers in the .xml file will be analyzed against their 
corresponding policy files. A sample .xml file is 


4windir%\security\SampleMachineList.xml . 


/0: <resultdir> Specifies the path and directory where the analysis result files 
should be saved. The default is the current directory. 


/U: <username> Specifies an alternate user credential to use when performing 
the analysis on a remote computer. The default is the logged 
on user. 


/pw: <password> Specifies an alternate user credential to use when performing 
the analysis on a remote computer. The default is the 
password of the logged on user. 


/t: <threads> Specifies the number of simultaneous outstanding analysis 
operations that should be maintained during the analysis. The 
value range is 1-1000, with a default value of 40. 


PARAMETER DESCRIPTION 


/\ Causes the analysis process to be logged. One log file will be 
generated for each computer being analyzed. The log files will 
be stored in the same directory as the result files. Use the /o 
option to specify the directory for the result files. 


/e Log an event to the Application Event log if a mismatch is 
found. 
/ Displays help at the command prompt. 
Examples 


To analyze a security policy against the file webpolicy.xml, type: 


scwcmd analyze /p:webpolicy.xml 


To analyze a security policy on the computer named webserver against the file webpolicy.xm/ by using the 
credentials of the webadmin account, type: 


scwcmd analyze /m:webserver /p:webpolicy.xml /u:webadmin 


To analyze a security policy against the file webpolicy.xm/, with a maximum of 100 threads, and output the results 
to a file named results in the resu/tserver share, type: 


scwcmd analyze /i:webpolicy.xml /t:100 /o:\\resultserver\results 


To analyze a security policy for the WebServers OU against the file webpolicy.xm/by using the DomainAdmin 
credentials, type: 


scwcmd analyze /ou:0U=WebServers ,DC=Marketing ,DC=ABCCompany,DC=com /p:webpolicy.xml /u:DomainAdmin 


Additional References 


Command-Line Syntax Key 
e scwcmd configure command 
® scwcmd register command 
e scwcmd rollback command 
e scwcmd transform command 


e scwcmd view command 


scwcmd configure 
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Applies to: Windows Server 2012 R2 and Windows Server 2012 


Applies a Security Configuration Wizard (SCW)-generated security policy to a computer. This command-line tool 
also accepts a list of computer names as input. 


Syntax 


scwcmd configure [[[/m:<computername> | /ou:<OuName>] /p:<policy>] | /i:<computerlist>] [/u:<username>] [/pw: 
<password>] [/t:<threads>] 


Parameters 

PARAMETER DESCRIPTION 

/m: <computername> Specifies the NetBIOS name, DNS name, or IP address of the 
computer to configure. If the /m parameter is specified, then 
the /p parameter must also be specified. 

/ou: <OuName> Specifies the fully qualified domain name (FQDN) of an 
organizational unit (OU) in Active Directory Domain Services. 
If the /ou parameter is specified, then the /p parameter must 
also be specified. All computers in the OU will be configured 
against the given policy. 

/p: <policy> Specifies the path and file name of the .xml policy file to be 
used to perform the configuration. 

/i: <computerlist> Specifies the path and file name of an .xml file that contains a 
list of computers along with their expected policy files. All 
computers in the .xml file will be analyzed against their 
corresponding policy files. A sample .xml file is 

4windir%\security\SampleMachineList.xml . 

/U: <username> Specifies an alternate user credential to use when performing 
the configuration on a remote computer. The default is the 
logged on user. 

/pw: <password> Specifies an alternate user credential to use when performing 
the configuration on a remote computer. The default is the 
password of the logged on user. 

/t: <threads> Specifies the number of simultaneous outstanding 


configuration operations that should be maintained during 
the analysis. The value range is 1-1000, with a default value 
of 40. 


PARAMETER DESCRIPTION 


Å Causes the analysis process to be logged. One log file will be 
generated for each computer being analyzed. The log files will 
be stored in the same directory as the result files. Use the /o 
option to specify the directory for the result files. 


/e Log an event to the Application Event log if a mismatch is 
found. 
/? Displays help at the command prompt. 
Examples 


To configure a security policy against the file webpolicy.xml, type: 


scwcmd configure /p:webpolicy.xml 


To configure a security policy for the computer at 772.76.0.0 against the file webpolicy.xm/ by using the credentials 
of the webadmin account, type: 


scwcmd configure /m:172.16.0.0 /p:webpolicy.xml /u:webadmin 


To configure a security policy on all computers on the list campusmachines.xm/with a maximum of 100 threads, 


type: 


scwcmd configure /i:campusmachines.xml /t:100 


To configure a security policy for the WebServers OU against the file webpolicy.xm/ by using the DomainAdmin 
credentials, type: 


scwcmd configure /ou:0U=WebServers,DC=Marketing,DC=ABCCompany,DC=com /p:webpolicy.xml /u:DomainAdmin 


Additional References 


Command-Line Syntax Key 
@ scwcmd analyze command 
e scwcmd register command 
e scwcmd rollback command 
e scwcmd transform command 


e scwcmd view command 


scwcmd register 
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Applies to: Windows Server 2012 R2 and Windows Server 2012 


Extends or customizes the Security Configuration Wizard (SCW) Security Configuration Database by registering a 
Security Configuration Database file that contains role, task, service, or port definitions. 


Syntax 


scwcmd register /kbname:<MyApp> [/kbfile:<kb.xml>] [/kb:<path>] [/d] 


Parameters 


PARAMETER DESCRIPTION 


/kbname: <MyApp> Specifies the name under which the Security Configuration 
Database extension will be registered. This parameter must be 
specified. 


/kbfile: <kb.xml> Specifies the path and file name of the Security Configuration 
Database file used to extend or customize the base Security 
Configuration Database. To validate that the Security 
Configuration Database file is compliant with the SCW 
schema, use the 
%windir%\security\KBRegistrationInfo.xsd schema 
definition file. This option must be provided unless the /d 
parameter is specified. 


/kb: <path> Specifies the path to the directory that contains the SCW 
Security Configuration Database files to be updated. If this 
option is not specified, %windir%\security\msscw\kbs_ is 
used. 


/d Unregisters a Security Configuration Database extension from 
the Security Configuration Database. The extension to 
unregister is specified by the /kbname parameter. (The 
/kbfile parameter shouldn't be specified.) The Security 
Configuration Database to unregister the extension from is 
specified by the /kb parameter. 


R Displays help at the command prompt. 


Examples 


To register the Security Configuration Database file named SCWKBForMyApp.xml under the name MyApp in the 
location \\kbserver\kb , type: 


scwcmd register /kbfile:d:\SCWKBForMyApp.xml /kbname:MyApp /kb:\\kbserver\kb 


To unregister the Security Configuration Database MyApp, located at \\kbserver\kb , type: 


scwcmd register /d /kbname:MyApp /kb:\\kbserver\kb 


Additional References 


e Command-Line Syntax Key 
e scwcmd analyze command 
e scwcmd configure command 
e scwcmd rollback command 
® scwcmd transform command 


e scwcmd view command 


scwcmd rollback 
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Applies to: Windows Server 2012 R2 and Windows Server 2012 


Applies the most recent rollback policy available, and then deletes that rollback policy. 


Syntax 


scwcmd rollback /m:<computername> [/u:<username>] [/pw:<password>] 


Parameters 
PARAMETER DESCRIPTION 
/m: <computername> Specifies the NetBIOS name, DNS name, or IP address of a 
computer where the rollback operation should be performed. 
/U: <username> Specifies an alternate user account to use when performing a 
remote rollback. The default is the logged on user. 
/pw: <password> Specifies an alternate user credential to use when performing 
a remote rollback. The default is the logged on user. 
/? Displays help at the command prompt. 
Examples 


To roll back the security policy on a computer at IP address 772.76.0.0, type: 


scwcmd rollback /m:172.16.0.0 


Additional References 


Command-Line Syntax Key 
@ scwcmd analyze command 
e scwcmd configure command 
@ scwcmd register command 
® scwcmd transform command 


@ scwcmd view command 


scwcmd transform 
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Applies to: Windows Server 2012 R2 and Windows Server 2012 


Transforms a security policy file generated by using the Security Configuration Wizard (SCW) into a new Group 
Policy Object (GPO) in Active Directory Domain Services. The transform operation does not change any settings 
on the server where it is performed. After the transform operation has completed, an administrator must link the 
GPO to the desired OUs to deploy the policy to servers. 





IMPORTANT 


Domain administrator credentials are needed to complete the transform operation. 
Internet Information Services (IIS) security policy settings cant be deployed by using Group Policy. 


Firewall policies that list approved apps shouldn't be deployed to servers unless the Windows Firewall service started 


automatically when the server was last started. 





Syntax 


scwcmd transform /p:<policyfile.xml> /g:<GPOdisplayname> 


Parameters 
PARAMETER DESCRIPTION 
/p: <policyfile.xml> Specifies the path and file name of the .xml policy file that 
should be applied. This parameter must be specified. 
/9: <GPOdisplayname> Specifies the display name of the GPO. This parameter must 
be specified. 
£ Displays help at the command prompt. 
Examples 


To create a GPO named FileServerSecurity from a file named FileServerPolicy xml, type: 


scwcmd transform /p:FileServerPolicy.xml /g:FileServerSecurity 


Additional References 


e Command-Line Syntax Key 
e scwcmd analyze command 


e scwcmd configure command 


e scwcmd register command 
e@ scwcmd rollback command 


@ scwcmd view command 


scwcmd view 
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Applies to: Windows Server 2012 R2 and Windows Server 2012 


Renders an .xml file by using a specified .xs| transform. This command can be useful for displaying Security 
Configuration Wizard (SCW) .xml files by using different views. 


Syntax 


scwcmd view /x:<Xmlfile.xml> [/s:<Xslfile.xsl>] 


Parameters 
PARAMETER DESCRIPTION 
/X: <Xmlfile.xml> Specifies the .xml file to be viewed. This parameter must be 
specified. 
/S: <Xslfile.xsl> Specifies the .xsl transform to apply to the .xml file as part of 
the rendering process. This parameter is optional for SCW 
.xml files. When the view command is used to render a SCW 
.xml file, it will automatically try to load the correct default 
transform for the specified .xml file. If an .xsl transform is 
specified, the transform must be written under the 
assumption that the .xml file is in the same directory as the 
xsl transform. 
/? Displays help at the command prompt. 
Example 


To view Policyfilexml by using the Policyview.xsltransform, type: 


scwcmd view /x:C:\policies\Policyfile.xml /s:C:\viewers\Policyview.xsl 


Additional References 


Command-Line Syntax Key 
@ scwcmd analyze command 
@ scwcmd configure command 
e scwcmd register command 
e scwcmd rollback command 


e scwcmd transform command 


secedit commands 
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Configures and analyzes system security by comparing your current security configuration against specified 
security templates. 


NOTE 


The Microsoft Management Console (MMC) and the Security Configuration and Analysis snap-in are not available on Server 


Core. 





Syntax 


secedit /analyze 

secedit /configure 
secedit /export 

secedit /generaterollback 
secedit /import 

secedit /validate 


Parameters 
PARAMETER DESCRIPTION 
secedit /analyze Allows you to analyze current systems settings against 
baseline settings that are stored in a database. The analysis 
results are stored in a separate area of the database and can 
be viewed in the Security Configuration and Analysis snap-in. 
secedit /configure Allows you to configure a system with security settings stored 
in a database. 
secedit /export Allows you to export security settings stored in a database. 
secedit /generaterollback Allows you to generate a rollback template with respect to a 
configuration template. 
secedit /import Allows you to import a security template into a database so 
that the settings specified in the template can be applied to a 
system or analyzed against a system. 
secedit /validate Allows you to validate the syntax of a security template. 
Remarks 


e If there is no filepath specified, all filenames will default to the current directory. 


e Your analysis results are stored in a separate area of the database and can be viewed in the Security 
Configuration and Analysis snap-in to the MMC. 


e If your security templates are created by using the Security Template snap-in, and if you run the Security 
Configuration and Analysis snap-in against those templates, the following files are created: 


FILE 


scesrv.log 


user-selected name.sdb 


user-selected namelog 


user-selected name.inf 


Additional References 


e Command-Line Syntax Key 


DESCRIPTION 


e Location: %windir%\security\logs 

e Created by: Operating system 

e File type: Text 

e Refresh rate: Overwritten when 
secedit analyze , secedit configure , 
secedit export Or secedit import is run. 


e Content: Contains the results of the analysis 
grouped by policy type. 


e Location: 


%windir%\<user 
account>\Documents\Security\Database 


e Created by: Running the Security Configuration 
and Analysis snap-in 

e File type: Proprietary 

e Refresh rate: Updated whenever a new security 
template is created. 

e Content: Local security policies and user-created 
security templates. 


e Location: User-defined, but defaults to 


%windir%\<user 
account>\Documents\Security\Logs 


e Created by: Running the secedit analyze or 
secedit configure commands, or by using the 
Security Configuration and Analysis snap-in. 
e File type: Text 
e Refresh rate: Overwritten when 
secedit analyze Or secedit configure is run, 
or by using the Security Configuration and Analysis 
snap-in. 
e Content: Log file name, date and time, and the 
results of the analysis or investigation. 


e Location: 


%windir%\*<user 
account>\Documents\Security\Templates 


e Created by: Running the Security Template snap- 
in. 

e File type: Text 

e Refresh rate: Overwritten each time the security 
template is updated. 

© Content: Contains the set up information for the 
template for each policy selected using the snap-in. 


secedit /analyze 
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Allows you to analyze current systems settings against baseline settings that are stored in a database. 


Syntax 


secedit /analyze /db <database file name> [/cfg <configuration file name>] [/overwrite] [/log <log file name>] 
[/quiet}] 


Parameters 


PARAMETER DESCRIPTION 


/db Required. Specifies the path and file name of the database 
containing the stored configuration against which the analysis 
is performed. If the file name specifies a database that hasn't 
had a security template (as represented by the configuration 
file) associated with it, the 

/cfg <configuration file name> option must also be 


specified. 


/cfg Specifies the path and file name for the security template that 
will be imported into the database for analysis. This option is 
only valid when used with the /db <database file name> 
parameter. If this parameter isn't also specified, the analysis is 
performed against any configuration already stored in the 
database. 


/overwrite Specifies whether the security template in the /cfg parameter 
should overwrite any template or composite template that is 
stored in the database, instead of appending the results to 
the stored template. This option is only valid when the 

/cfg <configuration file name> parameter is also used. If 
this parameter isn't also specified, the template in the /cfg 
parameter is appended to the stored template. 


/log Specifies the path and file name of the log file to be used in 
the process. If you don't specify a file location, the default log 
file, 


<systemroot>\Documents and Settings\<UserAccount>\My 
Documents\Security\Logs\<databasename>. log 


is used. 


/quiet Suppresses screen output. You can still view analysis results 
by using the Security Configuration and Analysis snap-in to 
the Microsoft Management Console (MMC). 


Examples 


To perform the analysis for the security parameters on the security database, SecDbContoso.sdb, and then direct 
the output to the file SecAnalysisContosoFY17 7, including prompts to verify the command ran correctly, type: 


secedit /analyze /db C:\Security\FY11\SecDbContoso.sdb /log C:\Security\FY11\SecAnalysisContosoFY11. log 


To incorporate changes required by the analysis process on the SecContoso.inffile, and then to direct the output to 
the existing file, SecAnalysisContosoFY7 7, without prompting, type: 


secedit /analyze /db C:\Security\FY11\SecDbContoso.sdb /cfg SecContoso.inf /overwrite /log 
C:\Security\FY11\SecAnalysisContosoFY11.xml /quiet 


Additional References 


Command-Line Syntax Key 
e secedit /configure 

e secedit /export 

è secedit /generaterollback 
e secedit /import 


e secedit /validate 


secedit /configure 


11/2/2020 * 2 minutes to read * Edit Online 





Allows you to configure the current system settings using security settings stored in a database. 


Syntax 


secedit /configure /db <database file name> [/cfg <configuration file name>] [/overwrite] [/areas 
[securitypolicy | group mgmt | user rights | regkeys | filestore | services]] [/log <log file name>] [/quiet] 


Parameters 


PARAMETER DESCRIPTION 


/db Required. Specifies the path and file name of the database 
containing the stored configuration. If the file name specifies a 
database that hasn't had a security template (as represented 
by the configuration file) associated with it, the 

/cfg <configuration file name> option must also be 
specified. 


/cfg Specifies the path and file name for the security template that 
will be imported into the database for analysis. This option is 
only valid when used with the /db <database file name> 
parameter. If this parameter isn't also specified, the analysis is 
performed against any configuration already stored in the 
database. 


/overwrite Specifies whether the security template in the /cfg parameter 
should overwrite any template or composite template that is 
stored in the database, instead of appending the results to 
the stored template. This option is only valid when the 

/cfg <configuration file name> parameter is also used. If 
this parameter isn't also specified, the template in the /cfg 
parameter is appended to the stored template. 


/areas Specifies the security areas to be applied to the system. If this 
parameter is not specified, all security settings defined in the 
database are applied to the system. To configure multiple 
areas, separate each area by a space. The following security 
areas are supported: 

e securitypolicy: Local policy and domain policy for 
the system, including account policies, audit policies, 
security options, and so on. 

® group_mgmt: Restricted group settings for any 
groups specified in the security template. 

e user_rights: User logon rights and granting of 
privileges. 

e regkeys: Security on local registry keys. 

e filestore: Security on local file storage. 

e services: Security for all defined services. 


PARAMETER DESCRIPTION 


/log Specifies the path and file name of the log file to be used in 
the process. If you don't specify a file location, the default log 
file, 


<systemroot>\Documents and Settings\<UserAccount>\My 
Documents\Security\Logs\<databasename>. log 


is used. 


/quiet Suppresses screen and log output. You can still view analysis 
results by using the Security Configuration and Analysis snap- 
in to the Microsoft Management Console (MMC). 


Examples 


To perform the analysis for the security parameters on the security database, SecDbContoso.sdb, and then direct 
the output to the file SecAnalysisContosoFY77, including prompts to verify the command ran correctly, type: 


secedit /analyze /db C:\Security\FY11\SecDbContoso.sdb /log C:\Security\FY11\SecAnalysisContosoFY11. log 


To incorporate changes required by the analysis process on the SecContoso.inffile, and then to direct the output 
to the existing file, SecAnalysisContosoFY1 1, without prompting, type: 


secedit /configure /db C:\Security\FY11\SecDbContoso.sdb /cfg SecContoso.inf /overwrite /log 
C:\Security\FY11\SecAnalysisContosoFY11. xml /quiet 


Additional References 


Command-Line Syntax Key 
èe secedit /analyze 

e secedit /export 

e secedit /generaterollback 
e secedit /import 


e secedit /validate 


secedit /export 
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Exports security settings stored in a database configured with security templates. You can use this command to 
backup your security policies on a local computer, in addition to importing the settings to another computer. 


Syntax 


secedit /export /db <database file name> [/mergedpolicy] /cfg <configuration file name> [/areas 
[securitypolicy | group_mgmt | user_rights | regkeys | filestore | services]] [/log <log file name>] [/quiet] 


Parameters 


PARAMETER DESCRIPTION 


/db Required. Specifies the path and file name of the database 
containing the stored configuration against which the export 
is performed. If the file name specifies a database that hasn't 
had a security template (as represented by the configuration 
file) associated with it, the 

/cfg <configuration file name> option must also be 
specified. 


/mergedpolicy Merges and exports domain and local policy security settings. 


/cfg Required. Specifies the path and file name for the security 
template that will be imported into the database for analysis. 
This option is only valid when used with the 
/db <database file name> parameter. If this parameter 
isn't also specified, the analysis is performed against any 
configuration already stored in the database. 


/areas Specifies the security areas to be applied to the system. If this 
parameter is not specified, all security settings defined in the 
database are applied to the system. To configure multiple 
areas, separate each area by a space. The following security 
areas are supported: 
© securitypolicy: Local policy and domain policy for 
the system, including account policies, audit policies, 
security options, and so on. 

© group_mgmt: Restricted group settings for any 
groups specified in the security template. 

e user_rights: User logon rights and granting of 
privileges. 

e regkeys: Security on local registry keys. 

e filestore: Security on local file storage. 

© services: Security for all defined services. 


PARAMETER DESCRIPTION 


/log Specifies the path and file name of the log file to be used in 
the process. If you don't specify a file location, the default log 
file, 


<systemroot>\Documents and Settings\<UserAccount>\My 
Documents\Security\Logs\<databasename>.log 


is used. 


/quiet Suppresses screen and log output. You can still view analysis 
results by using the Security Configuration and Analysis 
snap-in to the Microsoft Management Console (MMC). 


Examples 
To export the security database and the domain security policies to an inf file, and then import that file to a 


different database in order to replicate the security policy settings on another computer, type: 


secedit /export /db C:\Security\FY11\SecDbContoso.sdb /mergedpolicy /cfg SecContoso.inf /log 
C:\Security\FY11\SecAnalysisContosoFY11.log /quiet 


To import your example file to a different database on another computer, type: 


secedit /import /db C:\Security\FY12\SecDbContoso.sdb /cfg SecContoso.inf /log 
C:\Security\FY11\SecAnalysisContosoFY12.log /quiet 


Additional References 


e Command-Line Syntax Key 
e secedit /analyze 

e secedit /configure 

e secedit /generaterollback 
e secedit /import 


èe secedit /validate 


secedit /generaterollback 
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Allows you to generate a rollback template for a specified configuration template. If an existing rollback template 
exists, running this command again will overwrite the existing information. 


Successfully running this command logs the mismatches between the specified security template the security 
policy configuration into the scesrv.log file. 


Syntax 


secedit /generaterollback /db <database file name> /cfg <configuration file name> /rbk <rollback template 
file name> [/log <log file name>] [/quiet] 


Parameters 


PARAMETER DESCRIPTION 


/db Required. Specifies the path and file name of the database 
containing the stored configuration against which the analysis 
is performed. If the file name specifies a database that hasn't 
had a security template (as represented by the configuration 
file) associated with it, the 

/cfg <configuration file name> option must also be 
specified. 


/cfg Required. Specifies the path and file name for the security 
template that will be imported into the database for analysis. 
This option is only valid when used with the 
/db <database file name> parameter. If this parameter 
isn't also specified, the analysis is performed against any 
configuration already stored in the database. 


/rbk Required. Specifies a security template into which the rollback 
information is written. Security templates are created using 
the Security Templates snap-in. Rollback files can be created 
with this command. 


/log Specifies the path and file name of the log file to be used in 
the process. If you don't specify a file location, the default log 
file, 


<systemroot>\Documents and Settings\<UserAccount>\My 
Documents\Security\Logs\<databasename>.log 


is used. 


/quiet Suppresses screen and log output. You can still view analysis 
results by using the Security Configuration and Analysis 
snap-in to the Microsoft Management Console (MMC). 


Examples 


To create the rollback configuration file, for the previously created Secimp/Contoso.inf file, while saving the 
original settings, and then write out the action to the SecAnalysisContosoFY1 I log file, type: 


secedit /generaterollback /db C:\Security\FY11\SecDbContoso.sdb /cfg sectmplcontoso.inf /rbk 
sectmplcontosoRBK.inf /log C:\Security\FY11\SecAnalysisContosoFY11. log 


Additional References 
e Command-Line Syntax Key 

e secedit /analyze 

e secedit /configure 

èe secedit /export 

e secedit /import 


e secedit /validate 


secedit /import 
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Imports security settings (.inf file), previously exported from the database configured with security templates. 





IMPORTANT 


Before you import an .inf file to another computer, you must run the secedit /generaterollback command on the 


database on which the import will be performed. 


You must also run the secedit /validate command on the import file to verify its integrity. 











Syntax 


secedit /import /db <database file name> /cfg <configuration file name> [/overwrite] [/areas [securitypolicy 
| group_mgmt | user_rights | regkeys | filestore | services]] [/log <log file name>] [/quiet] 


Parameters 


PARAMETER DESCRIPTION 


/db Required. Specifies the path and file name of the database 
containing the stored configuration against which the import 
is performed. If the file name specifies a database that hasn't 
had a security template (as represented by the configuration 
file) associated with it, the 

/cfg <configuration file name> option must also be 
specified. 


/overwrite Specifies whether the security template in the /cfg parameter 
should overwrite any template or composite template that is 
stored in the database, instead of appending the results to 
the stored template. This option is only valid when the 

/cfg <configuration file name> parameter is also used. 
If this parameter isn't also specified, the template in the /cfg 
parameter is appended to the stored template. 


/cfg Required. Specifies the path and file name for the security 
template that will be imported into the database for analysis. 
This option is only valid when used with the 
/db <database file name> parameter. If this parameter 
isn't also specified, the analysis is performed against any 
configuration already stored in the database. 


PARAMETER DESCRIPTION 


/areas Specifies the security areas to be applied to the system. If this 
parameter is not specified, all security settings defined in the 
database are applied to the system. To configure multiple 
areas, separate each area by a space. The following security 
areas are supported: 

& securitypolicy: Local policy and domain policy for 
the system, including account policies, audit policies, 
security options, and so on. 


e group mgmt: Restricted group settings for any 
groups specified in the security template. 

& user rights: User logon rights and granting of 
privileges. 

e regkeys: Security on local registry keys. 

e filestore: Security on local file storage. 

e services: Security for all defined services. 


/log Specifies the path and file name of the log file to be used in 
the process. If you don't specify a file location, the default log 
file, 


<systemroot>\Documents and Settings\<UserAccount>\My 
Documents\Security\Logs\<databasename>. log 


is used. 


/quiet Suppresses screen and log output. You can still view analysis 
results by using the Security Configuration and Analysis 
snap-in to the Microsoft Management Console (MMC). 


Examples 


To export the security database and the domain security policies to an inf file, and then to import that file to a 
different database to replicate the policy settings on another computer, type: 


secedit /export /db C:\Security\FY11\SecDbContoso.sdb /mergedpolicy /cfg NetworkShare\Policies\SecContoso. inf 
/log C:\Security\FY11\SecAnalysisContosoFY11.log /quiet 


To import just the security policies portion of the file to a different database on another computer, type: 


secedit /import /db C:\Security\FY12\SecDbContoso.sdb /cfg NetworkShare\Policies\SecContoso.inf /areas 
securitypolicy /log C:\Security\FY11\SecAnalysisContosoFY12.log /quiet 


Additional References 


e Command-Line Syntax Key 
e secedit /analyze 

e secedit /configure 

e secedit /export 

e secedit /generaterollback 


e secedit /validate 


secedit /validate 
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Validates the security settings stored in a security template (.inf file). Validating security templates can help you 
determine if one is corrupted or inappropriately set. Corrupted or inappropriately set security templates aren't 
applied. 


Syntax 


secedit /validate <configuration file name> 


Parameters 
PARAMETER DESCRIPTION 
«configuration file name> Required. Specifies the path and file name for the security 
template that will be validated. Log files aren't updated by 
this command. 
Examples 


To verify that the rollback .inf file, secRBKcontoso.inf is still valid after rollback, type: 


secedit /validate secRBKcontoso.inf 


Additional References 


e Command-Line Syntax Key 
èe secedit /analyze 

e secedit /configure 

e secedit /export 

e secedit /generaterollback 


e secedit /import 


select commands 
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Shifts the focus to a disk, partition, volume, or virtual hard disk (VHD). 


Syntax 


select disk 
select partition 
select vdisk 
select volume 


Parameters 
PARAMETER DESCRIPTION 
Select disk Shifts the focus to a disk. 
Select partition Shifts the focus to a partition. 
Select vdisk Shifts the focus to a VHD. 
Select volume Shifts the focus to a volume. 
Remarks 


e If avolume is selected with a corresponding partition, the partition will be automatically selected. 


e Ifa partition is selected with a corresponding volume, the volume will be automatically selected. 


Additional References 


e Command-Line Syntax Key 


select disk 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, 
Windows Server 2012 R2, Windows Server 2012 


Selects the specified disk and shifts the focus to it. 


Syntax 


select disk={<n>|<disk path>|system|next} 


Parameters 


PARAMETER DESCRIPTION 


<n> Specifies the number of the disk to receive focus. You can 
view the numbers for all the disks on the computer by 
using the list disk command in DiskPart. 
NOTE 
When configuring systems with multiple disks, don't 
use select disk=0 to specify the system disk. The 
computer may reassign disk numbers when you 
reboot, and different computers with the same disk 
configuration can have different disk numbers. 


<disk path> Specifies the location of the disk to receive focus, for 
example, PCIROOT(@)#PCI(@FO2)#atA(CQ@T@@Le@) . To 
view the location path of a disk, select it and then type 
detail disk. 


system On BIOS computers, this option specifies that disk 0 
receives focus. On EFI computers, the disk containing the 
EFI system partition (ESP), used for the current boot, 
receives focus. On EFI computers, the command will fail if 
there's no ESP if there's more than one ESP or if the 
computer is booted from Windows Preinstallation 
Environment (Windows PE). 


next After a disk is selected, this option iterates over all disks in 
the disk list. When you run this option, the next disk in the 
list receives focus. 


Examples 


To shift the focus to disk 1, type: 


select disk=1 


To select a disk by using its location path, type: 


select disk=PCIROOT(@)#PCI(0100)#atA(C@@T@@LO1) 
To shift the focus to the system disk, type: 
select disk=system 
To shift the focus to the next disk on the computer, type: 


select disk=next 


Additional References 


Command-Line Syntax Key 


select partition command 


select vdisk command 


select volume command 


select partition 


11/2/2020 * 2 minutes to read * Edit Online 





Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, 
Windows Server 2012 R2, Windows Server 2012 


Selects the specified partition and shifts the focus to it. This command can also be used to display the partition 
that currently has the focus in the selected disk. 


Syntax 


select partition=<n> 


Parameters 
PARAMETER DESCRIPTION 
partition= <n> The number of the partition to receive the focus. You can 
view the numbers for all partitions on the disk currently 
selected by using the list partition command in DiskPart. 
Remarks 


e Before you can select a partition you must first select a disk using the select disk command. 


o If no partition number is specified, this option displays the partition that currently has the focus in 
the selected disk. 


o Ifavolume is selected with a corresponding partition, the partition is automatically selected. 


o Ifa partition is selected with a corresponding volume, the volume is automatically selected. 


Examples 


To shift the focus to partition 3, type: 
select partitition=3 
To display the partition that currently has the focus in the selected disk, type: 


select partition 


Additional References 

e Command-Line Syntax Key 

e create partition efi command 

e create partition extended command 


e create partition logical command 


create partition msr command 
create partition primary command 
delete partition command 

detail partition command 

select disk command 

select vdisk command 


select volume command 


select vdisk 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, 


Windows Server 2012 R2, Windows Server 2012 


Selects the specified virtual hard disk (VHD) and shifts the focus to it. 


Syntax 


select vdisk file=<full path> [noerr] 


Parameters 


PARAMETER 


file= <full path> 


noerr 


Examples 


To shift the focus to the VHD named c'|test|testvhd type: 


select vdisk file=c:\test\test.vhd 


Additional References 


e Command-Line Syntax Key 
e attach vdisk 

e compact vdisk 

e detach vdisk 

e detail vdisk 

e expand vdisk 

e merge vdisk 

e list 

e select disk command 

e select partition command 


e select volume command 


DESCRIPTION 


Specifies the full path and file name of an existing VHD file. 


Used for scripting only. When an error is encountered, 
DiskPart continues to process commands as if the error did 
not occur. Without this parameter, an error causes DiskPart 
to exit with an error code. 


select volume 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, 
Windows Server 2012 R2, Windows Server 2012 


Selects the specified volume and shifts the focus to it. This command can also be used to display the volume 
that currently has the focus in the selected disk. 


Syntax 


select volume=(<n>|<d>) 


Parameters 
PARAMETER DESCRIPTION 
<n> The number of the volume to receive the focus. You can 
view the numbers for all volumes on the disk currently 
selected by using the list volume command in DiskPart. 
<d> The drive letter or mount point path of the volume to 
receive the focus. 
Remarks 


e |f no volume is specified, this command displays the volume that currently has the focus in the selected 
disk. 


e On a basic disk, selecting a volume also gives the focus to the corresponding partition. 
o Ifa volume is selected with a corresponding partition, the partition will be automatically selected. 


o Ifa partition is selected with a corresponding volume, the volume will be automatically selected. 


Examples 


To shift the focus to volume 2, type: 
select volume=2 
To shift the focus to Drive G, type: 
select volume=c 
To shift the focus to the volume mounted on a folder named c:\mountpath, type: 


select volume=c:\mountpath 


To display the volume that currently has the focus in the selected disk, type: 


select volume 


Additional References 


Command-Line Syntax Key 

add volume command 
attributes volume command 
create volume mirror command 
create volume raid command 
create volume simple command 
create volume stripe command 
delete volume command 

detail volume command 

fsutil volume command 

list volume command 

offline volume command 

onine volume command 

select disk command 

select partition command 


select vdisk command 


serverceipoptin 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Allows you to participate in the Customer Experience Improvement Program (CEIP). 


Syntax 


serverceipoptin [/query] [/enable] [/disable] 


Parameters 
PARAMETER DESCRIPTION 
/query Verifies your current setting. 
/enable Turns on your participation in CEIP 
/disable Turns off your participation in CEIP 
/? Displays help at the command prompt. 
Examples 


To verify your current settings, type: 
serverceipoptin /query 

To turn on your participation, type: 
serverceipoptin /enable 

To turn off your participation, type: 
serverceipoptin /disable 


Additional References 


e Command-Line Syntax Key 


servermanagercmd 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Installs and removes roles, role services, and features. Also displays the list of all roles, role services, and features 
available, and shows which are installed on this computer. 


IMPORTANT 


This command, servermanagercmd, has been deprecated and it's not guaranteed to be supported in future releases of 


Windows. We recommend instead that you use the Windows PowerShell cmdlets that are available for Server Manager. For 


more information, see Install or Uninstall Roles, Role Services, or Features. 





Syntax 


servermanagercmd -query [[[<drive>:]<path>]<query.xml>] [-logpath [[<drive>:]<path>]<log.txt>] 
servermanagercmd -inputpath [[[<drive>:]<path>]<answer.xml>] [-resultpath <result.xml> [-restart] | -whatif] 
[-logpath [[<drive>:]<path>]<log.txt>] 

servermanagercmd -install <id> [-allSubFeatures] [-resultpath [[<drive>:]<path>]<result.xml> [-restart] | - 
whatif] [-logpath [[<Drive>: ]<path>]<log.txt>] 


servermanagercmd -remove <id> [-resultpath <result.xml> [-restart] | -whatif] [-logpath [[<drive>:]<path>] 
<log.txt>] 
servermanagercmd [-help | -?] 


servermanagercmd -version 


Parameters 

PARAMETER DESCRIPTION 

-query [[[<drive>:]<path>]<query.xml>] Displays a list of all roles, role services, and features installed 
and available for installation on the server. You can also use 
the short form of this parameter, -q. If you want the query 
results saved to an XML file, specify an XML file to replace 

<query.xml> . 
-inputpath [[[<drive>:]<path>]<answer.xml>] Installs or removes the roles, role services, and features 


specified in an XML answer file represented by <answer.xml> 
. You can also use the short form of this parameter, -p. 


PARAMETER 


-install <id> 


DESCRIPTION 


Installs the role, role service, or feature specified by <id> . 
The identifiers are case-insensitive. Multiple roles, role services, 
and features must be separated by spaces. The following 
optional parameters are used with the -install parameter: 
e -setting <SettingName>=<SettingValue> - Specifies 
required settings for the installation. 
e -allSubFeatures - Specifies the installation of all 
subordinate services and features along with the 
parent role, role service, or feature named in the 
<id> value. 


NOTE 

Some role containers do not have a command line 
identifier to allow installation of all role services. 
This is the case when role services cannot be 
installed in the same instance of the Server 
Manager command. For example, the Federation 
Service role service of active directory Federation 
Services and the Federation Service Proxy role 
service cannot be installed by using the same 
Server Manager command instance. 


e -resultpath <result.xml> - Saves installation 
results to an XML file represented by <result.xml> . 
You can also use the short form of this parameter, -r. 


NOTE 

You can't run servermanagercmd with both the - 
resultpath parameter and the -whatif parameter 
specified. 


e -restart - Restarts the computer automatically when 
installation is complete (if restarting is required by the 
roles or features installed). 

e -whatif - Displays any operations specified for the - 
install parameter. You can also use the short form of 
the -whatif parameter, -w. You can't run 
servermanagercmd with both the -resultpath 
parameter and the -whatif parameter specified. 

e -logpath <[[<drive>:]<path>]<log.txt>> - 
Specifies a name and location for the log file, other 
than the default, %windir%\temp\servermanager.log . 


PARAMETER DESCRIPTION 


-remove <id> Removes the role, role service, or feature specified by <id> . 
The identifiers are case-insensitive. Multiple roles, role services, 
and features must be separated by spaces. The following 
optional parameters are used with the -remove parameter: 

e -resultpath <[[<drive>:]<path>]result.xml> - 
Saves removal results to an XML file represented by 
<result.xml> . You can also use the short form of 


this parameter, -r. 


NOTE 
You can't run servermanagercmd with both the - 
resultpath and the -whatif parameters specified. 


e -restart - Restarts the computer automatically when 
removal is complete (if restarting is required by 
remaining roles or features). 

e -whatif - Displays any operations specified for the - 
remove parameter. You can also use the short form of 
the -whatif parameter, -w. You can't run 
servermanagercmd with both the -resultpath and 
the -whatif parameters specified. 

e -logpath <[[<Drive>:]<path>]<log.txt>> - 
Specifies a name and location for the log file, other 
than the default, %windir%\temp\servermanager.log 


-version Displays the Server Manager version number. You can also use 
the short form, -v. 


-help Displays help in the Command prompt window. You can also 
use the short form, -?. 


Examples 


To display a list of all roles, role services, and features available, and which roles, role services, and features are 
installed on the computer, type: 


servermanagercmd -query 


To install the Web Server (IIS) role, and save the installation results to an XML file represented by /nsta//Resultxml, 


type: 


servermanagercmd -install Web-Server -resultpath installResult.xml 


To display detailed information about the roles, role services, and features that would be installed or removed, 
based upon instructions that are specified in an XML answer file represented by install.xml, type: 


servermanagercmd -inputpath install.xml -whatif 


Additional References 


e Command-Line Syntax Key 


e Server Manager overview 


serverweroptin 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 
Allows you to turn on error reporting. 


Syntax 


serverweroptin [/query] [/detailed] [/summary] 


Parameters 


PARAMETER 
/query 
/detailed 
/summary 
R 
Examples 
To verify the current setting, type: 
serverweroptin /query 
To automatically send detailed reports, type: 
serverweroptin /detailed 
To automatically send summary reports, type: 


serverweroptin /summary 


Additional References 


e Command-Line Syntax Key 


DESCRIPTION 


Verifies your current setting. 


Specifies to send detailed reports automatically. 


Specifies to send summary reports automatically. 


Displays help at the command prompt. 


Services for Network File System command-line 


tools 
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Services for Network File System (NFS) provides a file sharing solution that lets you transfer files between 
computers running Windows Server and UNIX operating systems using the NFS protocol. 


Information and links to each of the associated NFS command-line tools: 


COMMAND DESCRIPTION 


mapadmin Manage User Name Mapping for Microsoft Services for 
Network File System. 


mount Mount Network File System (NFS) network shares. 
nfsadmin Manage Server for NFS and Client for NFS. 

nfsshare Control Network File System (NFS) shares. 

nfsstat Display or reset counts of calls made to Server for NFS. 
rpcinfo List programs on remote computers. 

showmount Display mounted directories. 


Additional References 


e Command-Line Syntax Key 


set (environment variable) 
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Displays, sets, or removes cmd.exe environment variables. If used without parameters, set displays the current 
environment variable settings. 





NOTE 


This command requires command extensions, which are enabled by default. 





The set command can also run from the Windows Recovery Console, using different parameters. For more 
information, see Windows Recovery Environment (WinRE). 


Syntax 


set [<variable>=[<string>]] 
set [/p] <variable>=[<promptString>] 
set /a <variable>=<expression> 


Parameters 
PARAMETER DESCRIPTION 
<variable> Specifies the environment variable to set or modify. 
<string> Specifies the string to associate with the specified environment 
variable. 
/p Sets the value of <variable> toa line of input entered by 
the user. 
<promptstring> Specifies a message to prompt the user for input. This 
parameter must be used with the /p parameter. 
/a Sets <string> to a numerical expression that is evaluated. 
<expression> Specifies a numerical expression. 
/? Displays help at the command prompt. 
Remarks 


e |f command extensions are enabled (the default) and you run set with a value, it displays all of the variables 
that begin with that value. 


e The characters <, >, |, &,and * are special command shell characters, and they must be preceded by 
the escape character ( ^ ) or enclosed in quotation marks when used in <string> (for example, 
"StringContaining&Symbol"). If you use quotation marks to enclose a string that contains one of the special 
characters, the quotation marks are set as part of the environment variable value. 


e Use environment variables to control the behavior of some batch files and programs and to control the way 


Windows and the MS-DOS subsystem appears and works. The set command is often used in the 
Autoexec.nt file to set environment variables. 


If you use the set command without any parameters, the current environment settings are displayed. These 
settings usually include the COMSPEC and PATH environment variables, which are used to help find 
programs on disk. Two other environment variables used by Windows are PROMPT and DIRCMD. 


If you specify values for <variable> and <string> , the specified <variable> value is added to the 
environment and <string> is associated with that variable. If the variable already exists in the environment, 


the new string value replaces the old string value. 


If you specify only a variable and an equal sign (without <string> ) for the set command, the <string> 


value associated with the variable is cleared (as if the variable is not there). 


If you use the /a parameter, the following operators are supported, in descending order of precedence: 


OPERATOR OPERATION PERFORMED 
D Grouping 

low - Unary 

KEN Arithmetic 

D Arithmetic 

«< >> Logical shift 

& Bitwise AND 

^ Bitwise exclusive OR 

= *= /= %= += -= &= ^= pr KE 

, Expression separator 


If you use logical ( && or || ) or modulus (%) operators, enclose the expression string in quotation marks. 
Any non-numeric strings in the expression are considered environment variable names, and their values are 
converted to numbers before they are processed. If you specify an environment variable name that is not 
defined in the current environment, a value of zero is allotted, which allows you to perform arithmetic with 


environment variable values without using the % to retrieve a value. 


If you run set /a from the command line outside of a command script, it displays the final value of the 


expression. 


Numeric values are decimal numbers unless prefixed by 0x for hexadecimal numbers or 0 for octal 


numbers. Therefore, 0x12 is the same as 18, which is the same as 022. 


Delayed environment variable expansion support is disabled by default, but you can enable or disable it by 
using cmd /v. 


When creating batch files, you can use set to create variables, and then use them in the same way that you 
would use the numbered variables %0 through %9. You can also use the variables %0 through %9 as input 
for set. 


If you call a variable value from a batch file, enclose the value with percent signs (%). For example, if your 


batch program creates an environment variable named BAUD, you can use the string associated with BAUD 
as a replaceable parameter by typing %baud% at the command prompt. 


Examples 


To set an environment variable named TEST 1, type: 


set testVar=test*‘*1 


The set command assigns everything that follows the equal sign (=) to the value of the variable. Therefore, if you 
type set testVar=test*1 , you'll get the following result, testvar=test*1 . 


To set an environment variable named 7£S7&7, type: 


set testVar=test*&1 


To set an environment variable named /NVCLUDE so the string c:\directory is associated with it, type: 


set include=c:\directory 


You can then use the string c\directory in batch files by enclosing the name INCLUDE with percent signs (%). For 
example, you can use dir %include% in a batch file to display the contents of the directory associated with the 
INCLUDE environment variable. After this command is processed, the string c:\directory replaces %include%. 


To use the set command in a batch program to add a new directory to the PATH environment variable, type: 


@echo off 

rem ADDPATH.BAT adds a new directory 
rem to the path environment variable. 
set path=%1;%path% 

set 


To display a list of all of the environment variables that begin with the letter P, type: 


set p 


Additional References 


e Command-Line Syntax Key 


set commands (shadow copy creation) 


11/2/2020 * 2 minutes to read * Edit Online 





Sets the context, options, verbose mode, and metadata file for shadow copy creation. If used without parameters, 
set lists all current settings. 


Syntax 


set 

set context 
set option 
set verbose 
set metadata 


Parameters 
PARAMETERS DESCRIPTION 
set context Sets the context for shadow copy creation. 
set metadata Sets the name and location of the shadow creation metadata 
file. 
set option Sets options for shadow copy creation. 
set verbose Turns the verbose output mode on or off. 
/? Displays help at the command prompt. 


Additional References 


e Command-Line Syntax Key 


Set context 
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Sets the context for shadow copy creation. If used without parameters, set context displays help at the command 
prompt. 


Syntax 


set context (clientaccessible | persistent [nowriters] | volatile [nowriters]) 


Parameters 
PARAMETER DESCRIPTION 
clientaccessible Specifies that the shadow copy is usable by client versions of 
Windows. This context is persistent by default. 
persistent Specifies that the shadow copy persists across program exit, 
reset, or restart. 
volatile Deletes the shadow copy on exit or reset. 
nowriters Specifies that all writers are excluded. 
Examples 


To prevent shadow copies from being deleted when you exit DiskShadow, type: 


set context persistent 


Additional References 


e Command-Line Syntax Key 
e set metadata command 
e set option command 


e set verbose command 


set id (Diskpart) 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Changes the partition type field for the partition with focus. This command doesn't work on dynamic disks or on 
Microsoft Reserved partitions. 


IMPORTANT 


This command is intended for use by original equipment manufacturers (OEMs) only. Changing partition type fields with this 
parameter might cause your computer to fail or be unable to boot. Unless you are an OEM or experienced with gpt disks, 


you should not change partition type fields on gpt disks by using this parameter. Instead, always use the create partition efi 
command to create EFI system partitions, the create partition msr command to create Microsoft Reserved partitions, and 


the create partition primary command without the ID parameter to create primary partitions on gpt disks. 





Syntax 


set id={ <byte> | <GUID> } [override] [noerr] 


Parameters 


PARAMETER DESCRIPTION 


<byte> For master boot record (MBR) disks, specifies the new value 
for the type field, in hexadecimal form, for the partition. Any 
partition type byte can be specified with this parameter 
except for type 0x42, which specifies an LDM partition. Note 
that the leading 0x is omitted when specifying the 
hexadecimal partition type. 


<GUID> For GUID partition table (gpt) disks, specifies the new GUID 
value for the type field for the partition. Recognized GUIDs 
include: 
e EFI system partition: c12a7328-f81f-11d2-ba4b- 
00a0c93ec93b 
e Basic data partition: ebd0a0a2-b9e5-4433-87c0- 
68b6b72699c7 


Any partition type GUID can be specified with this parameter 

except the following: 

© Microsoft Reserved partition: e3c9e316-0b5c- 
A4db8-817d-f92df00215ae 

e LDM metadata partition on a dynamic disk: 
5808c8aa-7e8f-42e0-85d2-e1e90434cfb3 

e LDM data partition on a dynamic disk: 
af9b60a0-1431-4f62-bc68-3311714a69ad 

e Cluster metadata partition: db97dba9-0840- 
4bae-97f0-ffb9a327c7e1 


PARAMETER 


override 


noerr 


Remarks 


DESCRIPTION 


forces the file system on the volume to dismount before 
changing the partition type. When you run the set id 
command, DiskPart attempts to lock and dismount the file 
system on the volume. If override isn't specified, and the call 
to lock the file system fails (for example, because there is an 
open handle), the operation fails. If override is specified, 
DiskPart forces the dismount even if the call to lock the file 
system fails, and any open handles to the volume will stop 
being valid. 


Used for scripting only. When an error is encountered, 
DiskPart continues to process commands as if the error did 
not occur. Without this parameter, an error causes DiskPart to 
exit with an error code. 


e Other than the limitations previously mentioned, DiskPart doesn't check the validity of the value that you 


specify (except to ensure that it is a byte in hexadecimal form or a GUID). 


Examples 


To set the type field to 0x07 and force the file system to dismount, type: 


set id=@x@7 override 


To set the type field to be a basic data partition, type: 


set id=ebdøØaØa2-b9e5-4433-87cØ-68b6b72699c7 


Additional References 


e Command-Line Syntax Key 


set metadata 
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Sets the name and location of the shadow creation metadata file used to transfer shadow copies from one 
computer to another. If used without parameters, set metadata displays help at the command prompt. 


Syntax 


set metadata [<drive>:][<path>]<metadata.cab> 


Parameters 
PARAMETER DESCRIPTION 
[<drive>:][<path>] Specifies the location to create the metadata file. 
<metadata.cab> Specifies the name of the cab file to store shadow creation 


metadata. 


Additional References 


e Command-Line Syntax Key 
e set context command 
e set option command 


e set verbose command 


set option 
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Sets the options for shadow copy creation. If used without parameters, set option displays help at the command 


prompt. 


Syntax 


set option ([differential | plex] [transportable] [[rollbackrecover] [txfrecover] | [noautorecover]]) 


Parameters 


PARAMETER 


[differential] 


[plex] 


[transportable] 


[rollbackrecover] 


[txfrecover] 


[noautorecover] 


Additional References 


Command-Line Syntax Key 


set context command 


set metadata command 


set verbose command 


DESCRIPTION 


Specifies to create a point-in-time snapshot of specified 
volumes. 


Specifies to create a point-in-time clone copy of the data on a 
specified volume. 


Specifies that the shadow copy is not to be imported yet. The 
metadata .cab file can later be used to import the shadow 
copy to the same or a different computer. 


Signals writers to use autorecover during the PostSnapshot 
event. This is useful if the shadow copy will be used for 
rollback (for example, with data mining). 


Requests VSS to make the shadow copy transactionally 
consistent during creation. 


Stops writers and the file system from performing any 
recovery changes to the shadow copy to a transactionally 
consistent state. Noautorecover can't be used with 
txfrecover or rollbackrecover. 


Set verbose 
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Specifies whether verbose output is provided during shadow copy creation. If used without parameters, set 
verbose displays help at the command prompt. 


Syntax 


set verbose {on | off} 


Parameters 
PARAMETER DESCRIPTION 
on Turns on verbose output logging during the shadow copy 
creation process. If verbose mode is on, set provides details 
of writer inclusion or exclusion and details of metadata 
compression and extraction. 
off Turns off verbose output logging during the shadow copy 


creation process. 


Additional References 


e Command-Line Syntax Key 
e set context command 
e set metadata command 


e set option command 


setx 
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Creates or modifies environment variables in the user or system environment, without requiring programming or scripting. The Setx 


command also retrieves the values of registry keys and writes them to text files. 





NOTE 





This command provides the only command-line or programmatic way to directly and permanently set system environment values. System 
environment variables are manually configurable through Control Panel or through a registry editor. The set command, which is internal to the 
command interpreter (Cmd.exe), sets user environment variables for the current console window only. 








Syntax 


setx [/s <computer> [/u [<domain>\]<user name> [/p [<password>]]]] <variable> <value> [/m] 
setx [/s <computer> [/u [<domain>\]<user name> [/p [<password>]]]] <variable>] /k <path> [/m] 
setx [/s <computer> [/u [<domain>\]<user name> [/p [<password>]]]] /f <filename> {[<variable>] {/a <X>,<Y> | /r <X>,<Y> <String>} 


[/m] | /x} [/d <delimiters>] 


Parameters 


PARAMETER 


/S <computer> 


/u  [<domain>\]<user name> 


/p[ <password> ] 


<variable> 


<value> 


/k <path> 


/f <filename> 


/a <X>,<Y> 


/¥ <X>,<Y> <String> 


/m 


/x 


/d <delimiters> 


R 


Remarks 


DESCRIPTION 


Specifies the name or IP address of a remote computer. Do not use 
backslashes. The default value is the name of the local computer. 


Runs the script with the credentials of the specified user account. The 
default value is the system permissions. 


Specifies the password of the user account that is specified in the /u 
parameter. 


Specifies the name of the environment variable that you want to set. 


Specifies the value to which you want to set the environment variable. 


Specifies that the variable is set based on information from a registry key. 

The path uses the following syntax: \\<HIVE>\<KEY>\...\<Value> . For 

example, you might specify the following path: 
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TimeZoneInformation\s 


Specifies the file that you want to use. 


Specifies absolute coordinates and offset as search parameters. 


Specifies relative coordinates and offset from String as search parameters. 


Specifies to set the variable in the system environment. The default setting 
is the local environment. 


Displays file coordinates, ignoring the /a, /r, and /d command-line options. 


Specifies delimiters such as, or \ to be used in addition to the four built-in 
delimiters — SPACE, TAB, ENTER, and LINEFEED. Valid delimiters include 
any ASCII character. The maximum number of delimiters is 15, including 
built-in delimiters. 


Displays help at the command prompt. 


e This command is similar to the UNIX utility SETENV. 


e You can use this command to set values for user and system environment variables from one of three sources (modes): Command 
Line Mode, Registry Mode, or File Mode. 


e This command writes variables to the master environment in the registry. Variables set with setx variables are available in future 


command windows only, not in the current command window. 


e HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE are the only supported hives. REG DWORD, REG EXPAND SZ, REG SZ, 
and REG_MULTI_SZ are the valid RegKey data types. 


e If you gain access to REG_MULTI_SZ values in the registry, only the first item is extracted and used. 


e You can't use this command to remove values added to the local or system environments. You can use this command with a 


variable name and no value to remove a corresponding value from the local environment. 
e REG_DWORD registry values are extracted and used in hexadecimal mode. 
e File mode supports the parsing of carriage return and line feed (CRLF) text files only. 
e Running this command on an existing variable removes any variable references and uses expanded values. 


For instance, if the variable %PATH% has a reference to %JAVADIR%, and %PATH% is manipulated using setx, %JAVADIR% is 
expanded and its value is assigned directly to the target variable %PATH%. This means that future updates to %JAVADIR% will not 
be reflected in the %PATH% variable. 


e Be aware there's a limit of 1024 characters when assigning contents to a variable using setx. 


This means that the content is cropped if you go over 1024 characters, and that the cropped text is what's applied to the target 
variable. If this cropped text is applied to an existing variable, it can result in loss of data previously held by the target variable. 


Examples 


To set the MACHINE environment variable in the local environment to the value Brand, type: 
setx MACHINE Brand1 

To set the MACHINE environment variable in the system environment to the value Brand7 Computer, type: 
setx MACHINE Brand1 Computer /m 

To set the MYPATH environment variable in the local environment to use the search path defined in the PA7H environment variable, type: 
setx MYPATH %PATH% 


To set the MYPATH environment variable in the local environment to use the search path defined in the PA7H environment variable after 
replacing ~ with %, type: 


setx MYPATH ~PATH~ 
To set the MACHINE environment variable in the local environment to Brand7 on a remote computer named computer, type: 
setx /s computer1 /u maindom\hiropln /p p@ssW23 MACHINE Brand1 


To set the MYPATH environment variable in the local environment to use the search path defined in the PATH environment variable on a 
remote computer named computer 7, type: 


setx /s computer1 /u maindom\hiropln /p p@ssW23 MYPATH %PATH% 


To set the 7ZONE environment variable in the local environment to the value found in the 
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TimeZonelnformation\StandardName registry key, type: 


setx TZONE /k HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TimeZoneInformation\StandardName 


To set the TZONE environment variable in the local environment of a remote computer named computer? to the value found in the 
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TimeZonelnformation\StandardName registry key, type: 


setx /s computer1 /u maindom\hiropln /p p@ssW23 TZONE /k 
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TimeZoneInformation\StandardName 


To set the BU/LD environment variable in the system environment to the value found in the 
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\CurrentBuildNumber registry key, type: 


setx BUILD /k HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\CurrentBuildNumber /m 


To set the BUILD environment variable in the system environment of a remote computer named Computer1 to the value found in the 
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\CurrentBuildNumber registry key, type: 


setx /s computer1 /u maindom\hiropln /p p@ssW23 BUILD /k HKEY_LOCAL_MACHINE\Software\Microsoft\Windows 
NT\CurrentVersion\CurrentBuildNumber /m 


To display the contents of a file named /pconfig.out along with the contents’ corresponding coordinates, type: 
setx /f ipconfig.out /x 

To set the /PADDR environment variable in the local environment to the value found at the coordinate 5,77 in the /pconfig.outfile, type: 
setx IPADDR /f ipconfig.out /a 5,11 


To set the OCTET7 environment variable in the local environment to the value found at the coordinate 5,3 in the /oconfig.out file with 
delimiters #$*., type: 


setx OCTET1 /f ipconfig.out /a 5,3 /d #$*. 


To set the /PGATEWAY environment variable in the local environment to the value found at the coordinate 0,7 with respect to the 


coordinate of Gateway in the /pconfig.outfile, type: 
setx IPGATEWAY /f ipconfig.out /r @,7 Gateway 


To display the contents of the /oconfig.out file, along with the contents' corresponding coordinates, on a computer named computer 7, 


type: 


setx /s computer1 /u maindom\hiropln /p p@ssW23 /f ipconfig.out /x 


Additional References 


e Command-Line Syntax Key 


Sfc 


11/2/2020 * 2 minutes to read » Edit Online 





Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 


Scans and verifies the integrity of all protected system files and replaces incorrect versions with correct versions. If 


this command discovers that a protected file has been overwritten, it retrieves the correct version of the file from 


the systemroot\system32\dllcache folder, and then replaces the incorrect file. 





IMPORTANT 


You must be logged on as a member of the Administrators group to run this command. 





Syntax 


sfc [/scannow] [/verifyonly] [/scanfile=<file>] [/verifyfile=<file>] [/offwindir=<offline windows directory> 


/offbootdir=<offline boot directory>] 


Parameters 


PARAMETER 


/scannow 

/verifyonly 

/scanfile <file> 

/verifyfile <file> 

/offwindir <offline windows directory> 
/offbootdir <offline boot directory> 
/? 


Examples 


To verify the kernel/32.dll file type: 


sfc /verifyfile=c:\windows\system32\kernel132.d11 


DESCRIPTION 


Scans the integrity of all protected system files and repairs files 
with problems when possible. 


Scans the integrity of all protected system files, without 
performing repairs. 


Scans the integrity of the specified file (full path and filename) 
and attempts to repair any problems if they're detected. 


Verifies the integrity of the specified file (full path and 
filename), without performing repairs. 


Specifies the location of the offline windows directory, for 
offline repair. 


Specifies the location of the offline boot directory for offline 
repair. 


Displays help at the command prompt. 


To set up the offline repair of the kerne/32.all file with an offline boot directory set to *D:* and an offline windows 
directory set to D:\windows, type: 


sfc /scanfile=D: \windows\system32\kernel32.d11 /offbootdir=D:\ /offwindir=d:\windows 


Additional References 


e Command-Line Syntax Key 


shadow 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Enables you to remotely control an active session of another user on a Remote Desktop Session Host server. 


Syntax 


shadow {<sessionname> | <sessionID>} [/server:<servername>] [/v] 


Parameters 
PARAMETER DESCRIPTION 
<sessionname> Specifies the name of the session that you want to remotely 
control. 
<sessionID> Specifies the ID of the session that you want to remotely 
control. Use query user to display the list of sessions and 
their session IDs. 

/server: <servername> Specifies the Remote Desktop Session Host server containing 
the session that you want to remotely control. By default, the 
current Remote Desktop Session Host4 server is used. 

N Displays information about the actions being performed. 

/? Displays help at the command prompt. 

Remarks 


e You can either view or actively control the session. If you choose to actively control a user's session, you will 
be able to input keyboard and mouse actions to the session. 


e You can always remotely control your own sessions (except the current session), but you must have Full 


Control permission or remote Control special access permission to remotely control another session. 
e You can also initiate remote control by using Remote Desktop Services Manager. 


e Before monitoring begins, the server warns the user that the session is about to be remotely controlled, 
unless this warning is disabled. Your session might appear to be frozen for a few seconds while it waits for a 
response from the user. To configure remote control for users and sessions, use the Remote Desktop 
Services Configuration tool or the Remote Desktop Services extensions to Local Users and Groups and 
active directory Users and computers. 


e Your session must be capable of supporting the video resolution used at the session that you are remotely 
controlling or the operation fails. 


e The console session can neither remotely control another session nor can it be remotely controlled by 
another session. 


e When you want to end remote control (shadowing), press CTRL+ * (by using * from the numeric keypad 


only). 


Examples 


To shadow session 93, type: 
shadow 93 
To shadow the session ACCTGO1, type: 


shadow ACCTGØ1 


Additional References 
e Command-Line Syntax Key 


e Remote Desktop Services (Terminal Services) Command Reference 


shift 
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Changes the position of batch parameters in a batch file. 


Syntax 


shift [/n <N>] 


Parameters 
PARAMETER DESCRIPTION 
/n <N> Specifies to start shifting at the Ath argument, where ‘Vis any 
value from 0 to 8. Requires command extensions, which are 
enabled by default. 
/ Displays help at the command prompt. 
Remarks 


e The shift command changes the values of the batch parameters %0 through %9 by copying each 
parameter into the previous one—the value of %1 is copied to %0, the value of %2 is copied to %1, and so 
on. This is useful for writing a batch file that performs the same operation on any number of parameters. 


e |f command extensions are enabled, the shift command supports the /n command-line option. The /n 
option specifies to start shifting at the Nth argument, where N is any value from 0 to 8. For example, SHIFT 
/2 would shift %3 to %2, %4 to %3, and so on, and leave %0 and %1 unaffected. Command extensions are 
enabled by default. 


e You can use the shift command to create a batch file that can accept more than 10 batch parameters. If you 
specify more than 10 parameters on the command line, those that appear after the tenth (%9) will be shifted 
one ata time into %9. 


e The shift command has no effect on the %* batch parameter. 

e There's no backward shift command. After you implement the shift command, you can't recover the batch 
parameter (%0) that existed before the shift. 

Examples 


To use a batch file, called Mycopy.bat, to copy a list of files to a specific directory, type: 


@echo off 

rem MYCOPY.BAT copies any number of files 
rem to a directory. 

rem The command uses the following syntax: 
rem mycopy dir file1 file2 ... 

set todir=%1 

:getfile 

shift 

if %1== goto end 

copy %1 %todir% 

goto getfile 

: end 

set todir= 

echo All done 


Additional References 


e Command-Line Syntax Key 


showmount 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 


You can use showmount to display information about mounted file systems exported by Server for NFS on a 
specified computer. If you don't specify a server, this command displays information about the computer on which 


the showmount command is run. 


Syntax 


showmount {-e|-a|-d} <server> 


Parameters 


PARAMETER 


Additional References 


e Command-Line Syntax Key 


e Services for Network File System Command Reference 


DESCRIPTION 


Displays all the file systems exported on the server. 


Displays all Network File System (NFS) clients and the 
directories on the server each has mounted. 


Displays all directories on the server that are currently 
mounted by NFS clients. 


shrink 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


The Diskpart shrink command reduces the size of the selected volume by the amount you specify. This command 
makes free disk space available from the unused space at the end of the volume. 


A volume must be selected for this operation to succeed. Use the select volume command to select a volume and 
shift the focus to it. 





NOTE 


This command works on basic volumes, and on simple or spanned dynamic volumes. It doesn't work on original equipment 
manufacturer (OEM) partitions, Extensible Firmware Interface (EFI) system partitions, or recovery partitions. 





Syntax 


shrink [desired=<n>] [minimum=<n>] [nowait] [noerr] 
shrink querymax [noerr] 


Parameters 
PARAMETER DESCRIPTION 
desired= <n> Specifies the desired amount of space in megabytes (MB) to 
reduce the size of the volume by. 
minimum= <n> Specifies the minimum amount of space in MB to reduce the 
size of the volume by. 
querymax Returns the maximum amount of space in MB by which the 
volume can be reduced. This value may change if applications 
are currently accessing the volume. 
nowait Forces the command to return immediately while the shrink 
process is still in progress. 
noerr For scripting only. When an error is encountered, DiskPart 
continues to process commands as if the error did not occur. 
Without this parameter, an error causes DiskPart to exit with 
an error code. 
Remarks 


e You can reduce the size of a volume only if it is formatted using the NTFS file system or if it does not have a 
file system. 


e Ifa desired amount isn't specified, the volume is reduced by the minimum amount (if specified). 


e Ifa minimum amount isn't specified, the volume is reduced by the desired amount (if specified). 


e |f neither a minimum amount nor a desired amount is specified, the volume is reduced by as much as 


possible. 


e ifa minimum amount is specified, but not enough free space is available, the command fails. 


Examples 


To reduce the size of the selected volume by the largest possible amount between 250 and 500 megabytes, type: 
shrink desired=50@ minimum=25@ 

To display the maximum number of MB that the volume can be reduced by, type: 
shrink querymax 


Additional References 


e Command-Line Syntax Key 


e Resize-Partition 


shutdown 
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Enables you to shut down or restart local or remote computers, one at a time. 


Syntax 


shutdown [/i | /1 | /s | /sg | /r | /g | /a | /p | /h | /e | /o] [/hybrid] [/fw] [/f] [/m \\computer][/t xxx] 
[/d [p|u:]xx:yy [/c "comment"]] 


Parameters 

PARAMETER DESCRIPTION 

fi Displays the Remote Shutdown box. The /i option must be 
the first parameter following the command. If /i is specified, all 
other options are ignored. 

Å Logs off the current user immediately, with no time-out 
period. You cannot use /I with /m or /t. 

/s Shuts down the computer. 

/sg Shuts down the computer. On the next boot, if Automatic 
Restart Sign-On is enabled, the device automatically signs in 
and locks based on the last interactive user. After sign in, it 
restarts any registered applications. 

/t Restarts the computer after shutdown. 

/9 Shuts down the computer. On the next restart, if Automatic 
Restart Sign-On is enabled, the device automatically signs in 
and locks based on the last interactive user. After sign in, it 
restarts any registered applications. 

/a Aborts a system shutdown. Effective only during the time-out 
period. To use /a, you must also use the /m option. 

/p Turns off the local computer only (not a remote computer)— 
with no time-out period or warning. You can use /p only with 
/d or /f. If your computer doesn't support power-off 
functionality, it will shut down when you use /p, but the 
power to the computer will remain on. 

/h Puts the local computer into hibernation, if hibernation is 
enabled. You can use /h only with /f. 

hybrid Shuts down the device and prepares it for fast startup. This 
option must be used with the /s option. 

/fw Combining this option with a shutdown option causes the 


next restart to go to the firmware user interface. 


PARAMETER 


/e 


/o 


/f 


/M \\<computername> 


ft <xxx> 


/d [p | u:]<XX>:<YY> 


/C <comment> 


L 


Remarks 


DESCRIPTION 


Enables you to document the reason for the unexpected 
shutdown on the target computer. 


Goes to the Advanced boot options menu and restarts the 
device. This option must be used with the /r option. 


Forces running applications to close without warning users. 
Caution: Using the /f option might result in loss of unsaved 
data. 


Specifies the target computer. Can't be used with the /I option. 


Sets the time-out period before shutdown to xxx seconds. The 
valid range is 0-315360000 (10 years), with a default of 30. If 
the timeout period is greater than 0, the /f parameter is 
implied. 


Lists the reason for the system restart or shutdown. The 
supported parameter values are: 

e p- Indicates that the restart or shutdown is planned. 
e u - Indicates that the reason is user-defined. 


NOTE 
If p or u aren't specified, the restart or shutdown is 
unplanned. 


e xx- Specifies the major reason number (a positive 
integer, less than 256). 

e yy Specifies the minor reason number (a positive 
integer, less than 65536). 


Enables you to comment in detail about the reason for the 
shutdown. You must first provide a reason by using the /d 
option and you must enclose your comments in quotation 
marks. You can use a maximum of 511 characters. 


Displays help at the command prompt, including a list of the 
major and minor reasons that are defined on your local 
computer. 


e Users must be assigned the Shut down the system user right to shut down a local or remotely 


administered computer that is using the shutdown command. 


e Users must be members of the Administrators group to annotate an unexpected shutdown of a local or 


remotely administered computer. If the target computer is joined to a domain, members of the Domain 


Admins group might be able to perform this procedure. For more information, see: 


o Default local groups 


o Default groups 


e |f you want to shut down more than one computer at a time, you can call shutdown for each computer by 


using a script, or you can use shutdown /i to display the Remote Shutdown box. 


e If you specify major and minor reason codes, you must first define these reason codes on each computer 


where you plan to use the reasons. If the reason codes aren't defined on the target computer, Shutdown 


Event Tracker can't log the correct reason text. 


e Remember to indicate that a shutdown is planned by using the p parameter. Not using the p parameter, 


indicates that the shutdown was unplanned. 


o Using the p parameter, along the reason code for an unplanned shutdown, causes the shutdown to 
fail. 


o Not using the p parameter, and only providing the reason code for an planned shutdown, also causes 


the shutdown to fail 


Examples 


To force apps to close and to restart the local computer after a one-minute delay, with the reason Application: 
Maintenance (Planned) and the comment "Reconfiguring myapp.exe", type: 


shutdown /r /t 680 /c "Reconfiguring myapp.exe" /f /d p:4:1 
To restart the remote computer myremoteserver with the same parameters as the previous example, type: 


shutdown /r /m \\myremoteserver /t 60 /c "Reconfiguring myapp.exe" /f /d p:4:1 


Additional References 


e Command-Line Syntax Key 


Simulate restore 
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Tests whether writer involvement in restore sessions will be successful on the computer without issuing 
PreRestore or PostRestore events to writers. 


NOTE 
A DiskShadow metadata file must be selected for the simulate restore command to succeed. Use the load metadata 
command to load the selected writers and components for the restore. 





Syntax 


simulate restore 





Additional References 


e Command-Line Syntax Key 


e load metadata command 


sort 
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Reads input, sorts data, and writes the results to the screen, to a file, or to another device. 


Syntax 


sort [/r] [/+<N>] [/m <kilobytes>] [/1 <locale>] [/rec <characters>] [[<drive1l>:][<pathl>]<filename1>] [/t 
[<drive2>:][<path2>]] [/o [<drive3>:][<path3>]<filename3>] 


Parameters 

PARAMETER DESCRIPTION 

fr Reverses the sort order (that is, sorts from Z to A and from 9 
to 0). 

/+<N> Specifies the character position number where sort will begin 
each comparison. N can be any valid integer. 

/m <kilobytes> Specifies the amount of main memory to use for the sort in 
kilobytes (KB). 

/| <locale> Overrides the sort order of characters that are defined by the 
system default locale (that is, the language and 
Country/Region selected during installation). 

/rec <characters> Specifies the maximum number of characters in a record or a 
line of the input file (the default value is 4,096 and the 
maximum is 65,535). 

[<drive1>: ][<path1>]<filename1> Specifies the file to be sorted. If no file name is specified, the 
standard input is sorted. Specifying the input file is faster than 
redirecting the same file as standard input. 

/t [<drive2>:][<path2>] Specifies the path of the directory to hold the sort 
command's working storage if the data does not fit in the 
main memory. By default, the system temporary directory is 
used. 

/0 [<drive3>:][<path3>]<filename3> Specifies the file where the sorted input is to be stored. If not 
specified, the data is written to the standard output. 
Specifying the output file is faster than redirecting standard 
output to the same file. 

/? Displays help at the command prompt. 

Remarks 


e By default, comparisons start at the first character of each line. The /+ command-line option starts 
comparisons at the character that is specified by V. For example, /+3 indicates that each comparison 
should begin at the third character of each line. Lines with fewer than N characters collate before other lines. 


e The memory used is always a minimum of 160 KB. If the memory size is specified, the exact specified 
amount is used for the sort (must be at least 160 KB), regardless of how much main memory is available. 


e The default maximum memory size when no size is specified is 90% of the available main memory, if both 
the input and output are files, or 45% of main memory otherwise. The default setting usually gives the best 
performance. 


e Currently, the only alternative to the default locale is the C locale, which is faster than natural language 
sorting (it sorts characters according to their binary encodings). 


e You can use the pipe symbol ( | ) to direct input data to the sort command from another command or to 
direct sorted output to another command. You can specify input and output files by using redirection 
symbols ( < or > ).It can be faster and more efficient (especially with large files) to specify the input file 
directly (as defined by filename7 in the command syntax), and then specify the output file using the /o 
parameter. 


e Thesort command doesn't distinguish between uppercase and lowercase letters and has no limit on file 
size. 


e The sort program uses the collating-sequence table that corresponds to the Country/Region code and 
code-page settings. Characters greater than ASCII code 127 are sorted based on information in the 
Country.sys file or in an alternate file specified by the country command in your Config.nt file. 


e Ifthe sort fits within the maximum memory size (as set by default or as specified by the /m parameter), the 
sort is performed in a single pass. Otherwise, the sort is performed in two separate sort and merge passes, 
and the amounts of memory used for both passes are equal. When two passes are performed, the partially 
sorted data is stored in a temporary file on disk. If there is not enough memory to perform the sort in two 
passes, a run-time error is issued. If the /m command-line option is used to specify more memory than is 
truly available, performance degradation or a run-time error can occur. 


Examples 


e Tosort and display, in reverse order, the lines in a file named expenses.txt type: 
sort /r expenses.txt 


e Tosearch a large file named maillist.txt for the text Jones, and to sort the results of the search using the pipe 
( | ) to direct the output of a find command to the sort command, type: 


find Jones maillist.txt | sort 


The command produces a sorted list of lines that contain the specified text. 


e To sort keyboard input and display the results alphabetically on the screen, you can first use the sort 
command with no parameters, by typing: 


sort 


Then type the text that you want sorted, and press ENTER at the end of each line. When you have finished 
typing text, press CTRL+Z, and then press ENTER. The sort command displays the text you typed, sorted 
alphabetically. 


Additional References 


e Command-Line Syntax Key 


Start 
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Starts a separate Command Prompt window to run a specified program or command. 


Syntax 


start [<title>] [/d <path>] [/i] [{/min | /max}] [{/separate | /shared}] [{/low | /normal | /high | /realtime 


| /abovenormal | belownormal}] [/affinity <hexaffinity>] [/wait] [/elevate] [/b] [<command> [<parameter>... ] 
| <program> [<parameter>... ]] 
Parameters 
PARAMETER DESCRIPTION 
<title> Specifies the title to display in the Command Prompt 


/d <path> 


/i 


{/min | /max} 


{/separate | /shared} 


{/low | /normal | /high | /realtime | /abovenormal | 


belownormal} 


/affinity <hexaffinity> 


/wait 


/elevate 


/b 


[<command> [<parameter>... ] | <program> 
[<parameter>... ]] 


<parameter> 


window title bar. 


Specifies the startup directory. 


Passes the Cmd.exe startup environment to the new 
Command Prompt window. If /i is not specified, the current 
environment is used. 


Specifies to minimize (/min) or maximize (/max) the new 
Command Prompt window. 


Starts 16-bit programs in a separate memory space 
(/separate) or shared memory space (/shared). These 
options are not supported on 64-bit platforms. 


Starts an application in the specified priority class. 


Applies the specified processor affinity mask (expressed as a 
hexadecimal number) to the new application. 


Starts an application and waits for it to end. 


Runs application as administrator. 


Starts an application without opening a new Command 
Prompt window. CTRL+C handling is ignored unless the 
application enables CTRL+C processing. Use CTRL+ BREAK to 
interrupt the application. 


Specifies the command or program to start. 


Specifies parameters to pass to either the command or the 
program. 


PARAMETER DESCRIPTION 


/ Displays help at the command prompt. 


Remarks 


e You can run non-executable files through their file association by typing the name of the file as a command. 


e Ifyou run a command that contains the string CMD as the first token without an extension or path qualifier, 
CMD is replaced with the value of the COMSPEC variable. This prevents users from picking up cmd from the 
current directory. 


e If you run a 32-bit graphical user interface (GUI) application, cmd does not wait for the application to quit 
before returning to the command prompt. This behavior does not occur if you run the application from a 
command script. 


e If you run a command that uses a first token that does not contain an extension, Cmd.exe uses the value of 
the PATHEXT environment variable to determine which extensions to look for and in what order. The default 
value for the PATHEXT variable is: 


.COM; .EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH; .MSC 


Note that the syntax is the same as the PATH variable, with semicolons (;) separating each extension. 


e When searching for an executable file, if there is no match on any extension, start checks to see if the name 
matches a directory name. If it does, start opens Explorer.exe on that path. 


Examples 


To start the Myapp program at the command prompt and retain use of the current Command Prompt window, 


type: 
start Myapp 

To view the start command-line help topic in a separate maximized Command Prompt window, type: 
start /max start /? 


Additional References 


e Command-Line Syntax Key 


subst 
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Associates a path with a drive letter. If used without parameters, subst displays the names of the virtual drives in 
effect. 


Syntax 


subst [<drive1>: [<drive2>:]<path>] 
subst <drive1>: /d 


Parameters 
PARAMETER DESCRIPTION 
«drive1>: Specifies the virtual drive to which you want to assign a path. 
[<drive2>: ]<path> Specifies the physical drive and path that you want to assign 
to a virtual drive. 
/d Deletes a substituted (virtual) drive. 
R Displays help at the command prompt. 
Remarks 


e The following commands don't work and must not be used on drives specified in the subst command: 
o chkdsk command 
diskcomp command 
diskcopy command 
format command 
label command 
recover command 


e The <drive1> parameter must be within the range that is specified by the lastdrive command. If not, subst 


displays the following error message: Invalid parameter - drivel: 


Examples 


To create a virtual drive z for the path b:\user\betty\forms, type: 


subst z: b:\user\betty\forms 


Instead of typing the full path, you can reach this directory by typing the letter of the virtual drive followed by a 
colon as follows: 


Additional References 


e Command-Line Syntax Key 


sxstrace 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Diagnoses side-by-side problems. 


Syntax 


sxstrace [{[trace -logfile:<filename> [-nostop]|[parse -logfile:<filename> -outfile:<parsedfile> [-filter: 
<appname>]}] 


Parameters 
PARAMETER DESCRIPTION 
trace Enables tracing for side-by-side. 
-logfile Specifies the raw log file. 
<filename> Saves tracing log to <filename . 
-nostop Specifies that you shouldn't receive a prompt to stop tracing. 
parse Translates the raw trace file. 
-outfile Specifies the output filename. 
<parsedfile> Specifies the filename of the parsed file. 
-filter Allows the output to be filtered. 
<appname> Specifies the name of the application. 
stoptrace Stops the trace, if it wasn't stopped before. 
-? Displays help at the command prompt. 
Examples 


To enable tracing and to save the trace file to sxstrace.eti, type: 


sxstrace trace -logfile:sxstrace.etl 


To translate the raw trace file into a human readable format and to save the result to sxstrace.txt type: 


sxstrace parse -logfile:sxstrace.etl -outfile:sxstrace.txt 


Additional References 


e Command-Line Syntax Key 


sysocmgr 
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The sysocmger command has been deprecated and isn't guaranteed to be supported in future releases of 
Windows. 


systeminfo 
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Displays detailed configuration information about a computer and its operating system, including operating 
system configuration, security information, product ID, and hardware properties (such as RAM, disk space, and 
network cards). 


Syntax 


systeminfo [/s <computer> [/u <domain>\<username> [/p <password>]]] [/fo {TABLE | LIST | CSV}] [/nh] 


Parameters 

PARAMETER DESCRIPTION 

/S <computer> Specifies the name or IP address of a remote computer (do 
not use backslashes). The default is the local computer. 

/U <domain>V<username> Runs the command with the account permissions of the 
specified user account. If /u is not specified, this command 
uses the permissions of the user who is currently logged on to 
the computer that is issuing the command. 

/P <password> Specifies the password of the user account that is specified in 
the /u parameter. 

/fo <format> Specifies the output format with one of the following values: 
e TABLE - Displays output in a table. 

e LIST - Displays output in a list. 
e CSV - Displays output in comma-separated values 
(.csv) format. 

/nh Suppresses column headers in the output. Valid when the /fo 
parameter is set to TABLE or CSV. 

/? Displays help at the command prompt. 

Examples 


To view configuration information for a computer named Srvmain, type: 


systeminfo /s srvmain 


To remotely view configuration information for a computer named Srvmain? that is located on the Maindom 
domain, type: 


systeminfo /s srvmain2 /u maindom\hiropin 


To remotely view configuration information (in list format) for a computer named Srvmain2 that is located on the 
Maindom domain, type: 


systeminfo /s srvmain2 /u maindom\hiropln /p p@ssW23 /fo list 


Additional References 


e Command-Line Syntax Key 


takeown 
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Enables an administrator to recover access to a file that previously was denied, by making the administrator the 
owner of the file. This command is typically used on batch files. 


Syntax 


takeown [/s <computer> [/u [<domain>\]<username> [/p [<password>]]]] /f <filename> [/a] [/r [/d {Y|N}]] 


Parameters 


PARAMETER DESCRIPTION 


/S <computer> Specifies the name or IP address of a remote computer (do 
not use backslashes). The default value is the local computer. 
This parameter applies to all of the files and folders specified in 
the command. 


/u [<domain>\]<username> Runs the script with the permissions of the specified user 
account. The default value is system permissions. 


/p [<[password>] Specifies the password of the user account that is specified in 
the /u parameter. 


/f <filename> Specifies the file name or directory name pattern. You can use 
the wildcard character * when specifying the pattern. You 
can also use the syntax <sharename>\<filename> . 


/a Gives ownership to the Administrators group instead of the 
current user. If you don't specify this option, file ownership is 
given to the user who is currently logged on to the computer. 


fr Performs a recursive operation on all files in the specified 
directory and subdirectories. 


/d {yY | N} Suppresses the confirmation prompt that is displayed when 

the current user does not have the List Folder permission on 
a specified directory, and instead uses the specified default 
value. Valid values for the /d option are: 
e Y - Take ownership of the directory. 
e N- Skip the directory. 

NOTE 

You must use this option in conjunction with the /r 

option. 


/? Displays help at the command prompt. 


Remarks 


e Mixed patterns using (? and *) aren't supported by takeown command. 


e After deleting the lock with takeown, you might have to use Windows Explorer to give yourself full 
permissions to the files and directories before you can delete them. 


Examples 


To take ownership of a file named Lostfile, type: 


takeown /f lostfile 


Additional References 


e Command-Line Syntax Key 


tapictg 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 


Creates, removes, or displays a TAPI application directory partition, or sets a default TAPI application directory 


partition. TAPI 3.1 clients can use the information in this application directory partition with the directory service 


locator service to find and communicate with TAPI directories. You can also use tapicfg to create or remove service 
connection points, which enable TAPI clients to efficiently locate TAPI application directory partitions in a domain. 


This command-line tool can be run on any computer that is a member of the domain. 


Syntax 


tapicfg install 
tapicfg remove 
tapicfg publishscp 
tapicfg removescp 
tapicfg show 
tapicfg makedefault 


Parameters 


PARAMETERS 
tapicfg install 
tapicfg remove 


tapicfg publishscp 
tapicfg removescp 
tapicfg show 
tapicfg makedefault 


Remarks 


DESCRIPTION 


Creates a TAPI application directory partition. 


Removes a TAPI application directory partition. 


Creates a service connection point to publish a TAPI 
application directory partition. 


Removes a service connection point for a TAPI application 
directory partition. 


Displays the names and locations of the TAPI application 
directory partitions in the domain. 


Sets the default TAPI application directory partition for the 
domain. 


e You must be a member of the Enterprise Admins group in Active Directory to run either tapicfg install 


(to create a TAPI application directory partition) or tapicfg remove (to remove a TAPI application directory 


partition). 


e User-supplied text (such as the names of TAPI application directory partitions, servers, and domains) with 


International or Unicode characters are only displayed correctly if appropriate fonts and language support 


are installed. 


You can still use Internet Locator Service (ILS) servers in your organization, if ILS is needed to support 
certain applications, because TAPI clients running Windows XP or a Windows Server 2003 operating system 
can query either ILS servers or TAPI application directory partitions. 


You can use tapicfg to create or remove service connection points. If the TAPI application directory partition 
is renamed for any reason (for example, if you rename the domain in which it resides), you must remove the 
existing service connection point and create a new one that contains the new DNS name of the TAPI 
application directory partition to be published. Otherwise, TAPI clients are unable to locate and access the 
TAPI application directory partition. You can also remove a service connection point for maintenance or 
security purposes (for example, if you do not want to expose TAPI data on a specific TAPI application 
directory partition). 


Additional References 


Command-Line Syntax Key 
tapicfg install 

tapicfg remove 

tapicfg publishscp 

tapicfg removescp 

tapicfg show 


tapicfg makedefault 


tapicfg install 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 


Creates a TAPI application directory partition. 





IMPORTANT 





You must be a member of the Enterprise Admins group in active directory to run this command. 








Syntax 


tapicfg install /directory:<partitionname> [/server:<DCname>] [/forcedefault ] 


Parameters 


PARAMETER 


install /directory:<partitionname> 


/server: <DCname> 


/forcedefault 


R 


Remarks 


DESCRIPTION 


Required. Specifies the DNS name of the TAPI application 
directory partition to be created. This name must be a fully- 
qualified domain name. 


Specifies the DNS name of the domain controller on which the 
TAPI application directory partition is created. If the domain 
controller name isn't specified, the name of the local computer 
is used. 


Specifies that this directory is the default TAPI application 
directory partition for the domain. There can be multiple TAPI 
application directory partitions in a domain. 

if this directory is the first TAPI application directory 

partition created on the domain, it's automatically set as 

the default, regardless of whether you use the 
/forcedefault option. 


Displays help at the command prompt. 


e This command-line tool can be run on any computer that is a member of the domain. 


e User-supplied text (such as the names of TAPI application directory partitions, servers, and domains) with 


International or Unicode characters are only displayed correctly if appropriate fonts and language support 


are installed. 


e You can still use Internet Locator Service (ILS) servers in your organization, if ILS is needed to support 


certain applications, because TAPI clients running Windows XP or a Windows Server 2003 operating 


system can query either ILS servers or TAPI application directory partitions. 


e You can use tapicfg to create or remove service connection points. If the TAPI application directory 
partition is renamed for any reason (for example, if you rename the domain in which it resides), you must 
remove the existing service connection point and create a new one that contains the new DNS name of the 
TAPI application directory partition to be published. Otherwise, TAPI clients are unable to locate and access 
the TAPI application directory partition. You can also remove a service connection point for maintenance or 
security purposes (for example, if you do not want to expose TAPI data on a specific TAPI application 
directory partition). 


Examples 


To create a TAPI application directory partition named tapifiction.testdom.microsoft.com on a server named 
testdc.testdom.microsoft.com, and then set it as the default TAPI application directory partition for the new 
domain, type: 


tapicfg install /directory:tapifiction.testdom.microsoft.com /server:testdc.testdom.microsoft.com 
/forcedefault 


Additional References 


e Command-Line Syntax Key 
e tapicfg remove 

è tapicfg publishscp 

e tapicfg removescp 

e tapicfg show 


e tapicfg makedefault 


tapicfg remove 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Removes a TAPI application directory partition. 





IMPORTANT 


You must be a member of the Enterprise Admins group in active directory to run this command. 








Syntax 


tapicfg remove /directory:<partitionname> 


Parameters 
PARAMETER DESCRIPTION 
remove /directory:<partitionname> Required. Specifies the DNS name of the TAPI application 
directory partition to be removed. Note that this name must 
be a fully-qualified domain name. 
/? Displays help at the command prompt. 
Remarks 


e This command-line tool can be run on any computer that is a member of the domain. 


e User-supplied text (such as the names of TAPI application directory partitions, servers, and domains) with 
International or Unicode characters are only displayed correctly if appropriate fonts and language support 
are installed. 


e You can still use Internet Locator Service (ILS) servers in your organization, if ILS is needed to support 
certain applications, because TAPI clients running Windows XP or a Windows Server 2003 operating 
system can query either ILS servers or TAPI application directory partitions. 


e You can use tapicfg to create or remove service connection points. If the TAPI application directory 
partition is renamed for any reason (for example, if you rename the domain in which it resides), you must 
remove the existing service connection point and create a new one that contains the new DNS name of the 
TAPI application directory partition to be published. Otherwise, TAPI clients are unable to locate and access 
the TAPI application directory partition. You can also remove a service connection point for maintenance or 
security purposes (for example, if you do not want to expose TAPI data on a specific TAP! application 
directory partition). 


Additional References 


e Command-Line Syntax Key 


e tapicfg install 


tapicfg publishscp 
tapicfg removescp 
tapicfg show 


tapicfg makedefault 


tapicfg publishscp 


11/2/2020 * 2 minutes to read * Edit Online 





Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Creates a service connection point to publish a TAPI application directory partition. 


Syntax 


tapicfg publishscp /directory:<partitionname> [/domain:<domainname>] [/forcedefault ] 


Parameters 

PARAMETER DESCRIPTION 

publishscp /directory:<partitionname> Required. Specifies the DNS name of the TAPI application 
directory partition that the service connection point will 
publish. 

/domain: <domainname> Specifies the DNS name of the domain in which the service 
connection point is created. If the domain name is not 
specified, the name of the local domain is used. 

/forcedefault Specifies that this directory is the default TAPI application 
directory partition for the domain. There can be multiple TAPI 
application directory partitions in a domain. 

R Displays help at the command prompt. 

Remarks 


e This command-line tool can be run on any computer that is a member of the domain. 


e User-supplied text (such as the names of TAPI application directory partitions, servers, and domains) with 
International or Unicode characters are only displayed correctly if appropriate fonts and language support 
are installed. 


e You can still use Internet Locator Service (ILS) servers in your organization, if ILS is needed to support 
certain applications, because TAPI clients running Windows XP or a Windows Server 2003 operating 
system can query either ILS servers or TAPI application directory partitions. 


e You can use tapicfg to create or remove service connection points. If the TAPI application directory 
partition is renamed for any reason (for example, if you rename the domain in which it resides), you must 
remove the existing service connection point and create a new one that contains the new DNS name of the 
TAPI application directory partition to be published. Otherwise, TAPI clients are unable to locate and access 
the TAPI application directory partition. You can also remove a service connection point for maintenance or 
security purposes (for example, if you do not want to expose TAPI data on a specific TAP! application 
directory partition). 


Additional References 


Command-Line Syntax Key 
tapicfg install 

tapicfg remove 

tapicfg removescp 

tapicfg show 


tapicfg makedefault 


tapicfg removescp 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Removes a service connection point for a TAPI application directory partition. 


Syntax 


tapicfg removescp /directory:<partitionname> [/domain:<domainname>] 


Parameters 

PARAMETER DESCRIPTION 

removescp /directory:<partitionname> Required. Specifies the DNS name of the TAPI application 
directory partition for which a service connection point is 
removed. 

/domain: <domainname> Specifies the DNS name of the domain from which the service 
connection point is removed. If the domain name isn't 
specified, the name of the local domain is used. 

/? Displays help at the command prompt. 

Remarks 


e This command-line tool can be run on any computer that is a member of the domain. 


e User-supplied text (such as the names of TAPI application directory partitions, servers, and domains) with 
International or Unicode characters are only displayed correctly if appropriate fonts and language support 
are installed. 


e You can still use Internet Locator Service (ILS) servers in your organization, if ILS is needed to support 
certain applications, because TAPI clients running Windows XP or a Windows Server 2003 operating 
system can query either ILS servers or TAPI application directory partitions. 


e You can use tapicfg to create or remove service connection points. If the TAPI application directory 
partition is renamed for any reason (for example, if you rename the domain in which it resides), you must 
remove the existing service connection point and create a new one that contains the new DNS name of the 
TAPI application directory partition to be published. Otherwise, TAPI clients are unable to locate and access 
the TAPI application directory partition. You can also remove a service connection point for maintenance or 
security purposes (for example, if you do not want to expose TAPI data on a specific TAPI application 
directory partition). 


Additional References 
e Command-Line Syntax Key 


e tapicfg install 


tapicfg remove 
tapicfg publishscp 
tapicfg show 


tapicfg makedefault 


tapicfg show 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Displays the names and locations of the TAPI application directory partitions in the domain. 


Syntax 


tapicfg show [/defaultonly] [/domain:<domainname>] 


Parameters 

PARAMETER DESCRIPTION 

/default only Displays the names and locations of only the default TAPI 
application directory partition in the domain. 

/domain: <domainname> Specifies the DNS name of the domain for which the TAPI 
application directory partitions are displayed. If the domain 
name isn't specified, the name of the local domain is used. 

£ Displays help at the command prompt. 

Remarks 


e This command-line tool can be run on any computer that is a member of the domain. 


e User-supplied text (such as the names of TAPI application directory partitions, servers, and domains) with 
International or Unicode characters are only displayed correctly if appropriate fonts and language support 
are installed. 


e You can still use Internet Locator Service (ILS) servers in your organization, if ILS is needed to support 
certain applications, because TAPI clients running Windows XP or a Windows Server 2003 operating 
system can query either ILS servers or TAPI application directory partitions. 


e You can use tapicfg to create or remove service connection points. If the TAPI application directory 
partition is renamed for any reason (for example, if you rename the domain in which it resides), you must 
remove the existing service connection point and create a new one that contains the new DNS name of the 
TAPI application directory partition to be published. Otherwise, TAPI clients are unable to locate and access 
the TAPI application directory partition. You can also remove a service connection point for maintenance or 
security purposes (for example, if you do not want to expose TAPI data on a specific TAPI application 
directory partition). 


Example 


To display the name of the default TAPI application directory partition for the new domain, type: 


tapicfg show /defaultonly 


Additional References 
e Command-Line Syntax Key 


e tapicfg install 


tapicfg remove 


tapicfg publishscp 


tapicfg removescp 


tapicfg makedefault 


tapicfg makedefault 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Sets the default TAPI application directory partition for the domain. 


Syntax 


tapicfg makedefault /directory:<partitionname> [/domain:<domainname>] 


Parameters 

PARAMETER DESCRIPTION 

makedefault /directory:<partitionname> Required. Specifies the DNS name of the TAPI application 
directory partition set as the default partition for the domain. 
This name must be a fully-qualified domain name. 

/domain: <domainname> Specifies the DNS name of the domain for which the TAPI 
application directory partition is set as the default. If the 
domain name is not specified, the name of the local domain is 
used. 

/? Displays help at the command prompt. 

Remarks 
e This command-line tool can be run on any computer that is a member of the domain. 


User-supplied text (such as the names of TAPI application directory partitions, servers, and domains) with 
International or Unicode characters are only displayed correctly if appropriate fonts and language support 
are installed. 


You can still use Internet Locator Service (ILS) servers in your organization, if ILS is needed to support 
certain applications, because TAPI clients running Windows XP or a Windows Server 2003 operating 
system can query either ILS servers or TAPI application directory partitions. 


You can use tapicfg to create or remove service connection points. If the TAPI application directory 
partition is renamed for any reason (for example, if you rename the domain in which it resides), you must 
remove the existing service connection point and create a new one that contains the new DNS name of the 
TAPI application directory partition to be published. Otherwise, TAPI clients are unable to locate and access 
the TAPI application directory partition. You can also remove a service connection point for maintenance or 
security purposes (for example, if you do not want to expose TAPI data on a specific TAP! application 
directory partition). 


Additional References 


Command-Line Syntax Key 


tapicfg install 


tapicfg remove 
tapicfg publishscp 
tapicfg removescp 


tapicfg show 


EOI 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Ends one or more tasks or processes. Processes can be ended by process ID or image name. You can use the 
tasklist command command to determine the process ID (PID) for the process to be ended. 


NOTE 


This command replaces the kill tool. 





Syntax 


taskkill [/s <computer> [/u [<domain>\]<username> [/p [<password>]]]] {[/fi <filter>] [...] [/pid <processID> 
| /im <imagename>]) [/f] [/t] 


Parameters 

PARAMETER DESCRIPTION 

/S <computer> Specifies the name or IP address of a remote computer (do 
not use backslashes). The default is the local computer. 

/u <domain>\<username> Runs the command with the account permissions of the user 
who is specified by <username> or by 

<domain>\<username> . The /u parameter can be specified 
only if /s is also specified. The default is the permissions of the 
user who is currently logged on to the computer that is 
issuing the command. 

/P <password> Specifies the password of the user account that is specified in 
the /u parameter. 

/fi <filter> Applies a filter to select a set of tasks. You can use more than 
one filter or use the wildcard character ( * ) to specify all tasks 
or image names. The valid filters are listed in the Filter 
names, operators, and values section of this article. 

/pid <processID> Specifies the process ID of the process to be terminated. 

/im <imagename> Specifies the image name of the process to be terminated. Use 
the wildcard character ( * ) to specify all image names. 

/f Specifies that processes be forcefully ended. This parameter is 


ignored for remote processes; all remote processes are 
forcefully ended. 


PARAMETER 


/t 


Filter names, operators, and values 


FILTER NAME 


STATUS 


IMAGENAME 
PID 
SESSION 


CPUtime 


MEMUSAGE 


USERNAME 


SERVICES 
WINDOWTITLE 


MODULES 


Remarks 


VALID OPERATORS 


eq, ne 


eq, ne 


eq, ne, gt, It, ge, le 


eq, ne, gt, It, ge, le 


eq, ne, gt, It, ge, le 


eq, ne, gt, It, ge, le 


eq, ne 


eq, ne 


eq, ne 


eq, ne 


Ends the specified process and any child processes started by 


VALID VALUE(S) 


RUNNING | NOT RESPONDING | 
UNKNOWN 


Image name 


PID value 


Session number 


CPU time in the format HH:MM:SS, 
where MM and SS are between 0 and 
59 and HHis any unsigned number 


Memory usage in KB 


Any valid user name ( <user> or 


<domain\user> ) 


Service name 


Window title 


DLL name 


e The WINDOWTITLE and STATUS filters aren't supported when a remote system is specified. 


e The wildcard character ( * ) is accepted for the */im option, only when a filter is applied. 


e Ending a remote process is always carried out forcefully, regardless whether the /f option is specified. 


e Providing a computer name to the hostname filter causes a shutdown, stopping all processes. 


Examples 


To end the processes with process IDs 7230, 1247, and 1253, type: 


taskkill /pid 123@ /pid 1241 /pid 1253 


To forcefully end the process Notepad.exe if it was started by the system, type: 


taskkill /f /fi "USERNAME eq NT AUTHORITY\SYSTEM" /im notepad.exe 


To end all processes on the remote computer Srvmain with an image name beginning with note, while using the 


credentials for the user account Hirop/n, type: 
taskkill /s srvmain /u maindom\hiropln /p p@ssW23 /fi "IMAGENAME eq note*" /im * 


To end the process with the process ID 2734 and any child processes that it started, but only if those processes 
were started by the Administrator account, type: 


taskkill /pid 2134 /t /fi "username eq administrator" 


To end all processes that have a process ID greater than or equal to 1000, regardless of their image names, type: 


taskkill /f /fi "PID ge 1000" /im * 


Additional References 
e Command-Line Syntax Key 


e tasklist command 


tasklist 
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Displays a list of currently running processes on the local computer or on a remote computer. Tasklist replaces the 
tlist tool. 





NOTE 


This command replaces the tlist tool. 





Syntax 


tasklist [/s <computer> [/u [<domain>\]<username> [/p <password>]]] [{/m <module> | /svc | /v}] [/fo {table | 


list | csv}] [/nh] [/fi <filter> [/fi <filter> [ ... ]]] 
Parameters 
PARAMETER DESCRIPTION 
/S <computer> Specifies the name or IP address of a remote computer (do 


not use backslashes). The default is the local computer. 


/U <domain>\<username> Runs the command with the account permissions of the user 
who is specified by <username> or by 
<domain>\<username> . The /u parameter can be specified 
only if /s is also specified. The default is the permissions of the 
user who is currently logged on to the computer that is 
issuing the command. 


/P <password> Specifies the password of the user account that is specified in 
the /u parameter. 


/m <module> Lists all tasks with DLL modules loaded that match the given 
pattern name. If the module name is not specified, this option 
displays all modules loaded by each task. 


svc Lists all the service information for each process without 
truncation. Valid when the /fo parameter is set to table. 


N Displays verbose task information in the output. For complete 
verbose output without truncation, use /v and /svc together. 


/fo (table | list | csv) Specifies the format to use for the output. Valid values are 
table, list, and csv. The default format for output is table. 


/nh Suppresses column headers in the output. Valid when the /fo 
parameter is set to table or csv. 


PARAMETER 


/fi <filter> 


P? 


Filter names, operators, and values 


DESCRIPTION 


Specifies the types of processes to include in or exclude from 
the query. You can use more than one filter or use the 
wildcard character ( \ ) to specify all tasks or image names. 
The valid filters are listed in the Filter names, operators, 
and values section of this article. 


Displays help at the command prompt. 


FILTER NAME VALID OPERATORS VALID VALUE(S) 
STATUS eq, ne RUNNING | NOT RESPONDING | 
UNKNOWN 

. This filter isn't supported if you specify 
a remote system. 

IMAGENAME eq, ne Image name 

PID eq, ne, gt, It, ge, le PID value 

SESSION eq, ne, gt, It, ge, le Session number 

SESSIONNAME eq, ne Session name 

CPUtime eq, ne, gt, It, ge, le CPU time in the format HH:MM:SS, 
where MM and SS are between 0 and 
59 and HHis any unsigned number 

MEMUSAGE eq, ne, gt, It, ge, le Memory usage in KB 

USERNAME eq, ne Any valid user name ( <user> or 

<domain\user> ) 

SERVICES eq, ne Service name 

WINDOWTITLE eq, ne Window title. This filter isn't supported 
if you specify a remote system. 

MODULES eq, ne DLL name 

Examples 


To list all tasks with a process /D greater than 1000, and display them in csv format, type: 


tasklist /v /fi "PID gt 1000" /fo csv 


To list the system processes that are currently running, type: 


tasklist /fi "USERNAME ne NT AUTHORITY\SYSTEM" /fi "STATUS eq running" 


To list detailed information for all processes that are currently running, type: 


tasklist /v /fi "STATUS eq running" 


To list all the service information for processes on the remote computer srvmain, which has a DLL name beginning 
with ntdll, type: 


tasklist /s srvmain /svc /fi "MODULES eq ntdll*" 


To list the processes on the remote computer srvmain, using the credentials of your currently logged-on user 
account, type: 


tasklist /s srvmain 


To list the processes on the remote computer srvmain, using the credentials of the user account Hirop!/n, type: 


tasklist /s srvmain /u maindom\hiropln /p p@ssW23 


Additional References 


e Command-Line Syntax Key 


tcmsetup 
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Sets up or disables the TAPI client. For TAPI to function correctly, you must run this command to specify the remote 
servers that will be used by TAPI clients. 


IMPORTANT 


To use this command, you must be a member of the Administrators group on the local computer, or you must have been 


delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might 


be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure. 





Syntax 


tcmsetup [/q] [/x] /c <server1> [<server2> ..] 
tcmsetup [/q] /c /d 


Parameters 

PARAMETER DESCRIPTION 

/q Prevents the display of message boxes. 

/x Specifies that connection-oriented callbacks will be used for 
heavy traffic networks where packet loss is high. When this 
parameter is omitted, connectionless callbacks will be used. 

/c Required. Specifies client setup. 

<server1> Required. Specifies the name of the remote server that has the 
TAPI service providers that the client will use. The client will 
use the service providers’ lines and phones. The client must be 
in the same domain as the server or in a domain that has a 
two-way trust relationship with the domain that contains the 
server. 

«server2>.. Specifies any additional server or servers that will be available 
to this client. If you specify a list of servers is, use a space to 
separate the server names. 

/d Clears the list of remote servers. Disables the TAPI client by 
preventing it from using the TAPI service providers that are on 
the remote servers. 

/? Displays help at the command prompt. 

Remarks 


e Before a client user can use a phone or line on a TAPI server, the telephony server administrator must assign 
the user to the phone or line. 


e The list of telephony servers that is created by this command replaces any existing list of telephony servers 


available to the client. You can't use this command to add to the existing list. 


Additional References 


e Command-Line Syntax Key 
e Command shell overview 
e Specify telephony servers on a client computer 


e Assign a telephony user to a line or phone 


telnet 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Communicates with a computer running the telnet server service. Running this command without any parameters, 
lets you enter the telnet context, as indicated by the telnet prompt (Microsoft telnet>). From the telnet prompt, 
you can use telnet commands to manage the computer running the telnet client. 





IMPORTANT 


You must install the telnet client software before you can run this command. For more information, see Installing telnet. 





Syntax 


telnet [/a] [/e <escapechar>] [/f <filename>] [/1 <username>] [/t (vt1øØ | vt52 | ansi | vtnt)] [<host> 
[<port>]] [/?] 


Parameters 
PARAMETER DESCRIPTION 
/a Attempts automatic logon. Same as /I option, except that it 
uses the currently logged on user's name. 
/e <escapechar> Specifies the escape character used to enter the telnet client 
prompt. 
/f <filename> Specifies the file name used for client side logging. 
/| <username> Specifies the user name to log on with on the remote 
computer. 
/t {vt1e@ | vt52 | ansi | vtnt} Specifies the terminal type. Supported terminal types are 
vt100, vt52, ansi, and vtnt. 
<host> [<port>] Specifies the hostname or IP address of the remote computer 
to connect to, and optionally the TCP port to use (default is 
TCP port 23). 
/? Displays help at the command prompt. 
Examples 


To use telnet to connect to the computer running the telnet Server Service at telnet microsoftcom, type: 


telnet telnet.microsoft.com 


To use telnet to connect to the computer running the telnet Server Service at telnetmicrosoftcom on TCP port 44 
and ro log the session activity in a local file called te/net/og.txt type: 


telnet /f telnetlog.txt telnet.microsoft.com 44 


Additional References 
e Command-Line Syntax Key 
e Installing telnet 


e telnet Technical Reference 


telnet: close 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 





Closes the current connection. 


Syntax 


c[lose] 


Examples 





To close the current telnet connection, type: 


Additional References 


e Command-Line Syntax Key 


telnet: display 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 





Displays operating parameters. 


Syntax 


d[isplay] 


Examples 





To display operating parameters, type: 


C 


Additional References 


e Command-Line Syntax Key 


telnet: open 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 
Connects to a telnet server. 
Syntax 

o[pen] <hostname> [<port>] 


Parameters 


PARAMETER 


<hostname> 


[<port>] 


Examples 


To connect to a telnet server at felnetmicrosoftcom, type: 


o telnet.microsoft.com 


Additional References 


e Command-Line Syntax Key 


DESCRIPTION 


Specifies the computer name or IP address. 


Specifies the TCP port that the telnet server is listening on. 
The default is TCP port 23. 


telnet: quit 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 





Exits telnet. 


Syntax 


q[uit] 


Examples 





To exit telnet, type: 


eee 


Additional References 


e Command-Line Syntax Key 


telnet: send 


11/2/2020 * 2 minutes to read * Edit Online 





Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 
Sends telnet commands to the telnet server. 


Syntax 
sen {ao | ayt | brk | esc | ip | synch | <string>} [?] 

Parameters 

PARAMETER 

ao 

ayt 

brk 

esc 

ip 

synch 


<string> 


Example 


DESCRIPTION 


Sends the telnet command Abort Output. 


Sends the telnet command Are You There? 


Sends the telnet command brk. 


Sends the current telnet escape character. 


Sends the telnet command Interrupt Process. 


Sends the telnet command synch. 


Sends whatever string you type to the telnet server. 


Displays help associated with this command. 


To send the Are you there? command to the telnet server, type: 


sen ayt 


Additional References 


e Command-Line Syntax Key 


telnet: set 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Sets options. You can use the telnet unset command to turn off an option that was previously set. 


Syntax 


set [bsasdel] [crlf] [delasbs] [escape <char>] [localecho] [logfile <filename>] [logging] [mode {console | 
stream)] [ntlm] [term {ansi | vt10e | vt52 | vtnt}] [?] 


Parameters 

PARAMETER DESCRIPTION 

bsasdel Sends backspace as a delete. 

crlf Sends CR & LF (Ox0D, Ox 0A) when the Enter key is pressed. 
Known as New line mode. 

delasbs Sends delete as a backspace. 

escape <character> Sets the escape character used to enter the telnet client 
prompt. The escape character can be a single character, or it 
can be a combination of the CTRL key plus a character. To set 
a control-key combination, hold down the CTRL key while 
you type the character that you want to assign. 

localecho Turns on local echo. 

logfile <filename> Logs the current telnet session to the local file. Logging begins 
automatically when you set this option. 

logging Turns on logging. If no log file is set, an error message 
appears. 

mode {console | stream} Sets the operation mode. 

ntlm Turns on NTLM authentication. 

term {ansi | vt1ee | vt52 | vtnt} Sets the terminal type. 

? Displays help for this command. 

Remarks 


e On non-English versions of telnet, the codeset <option> is available.Codeset <option> sets the current code 
set to an option, which can be any one of the following: shift JIS, Japanese EUC, JIS Kanji, JIS Kanji (78), 
DEC Kanji, NEC Kanji. You should set the same code set on the remote computer. 


Example 


To set the log file and to begin logging to the local file tn/og.txt type: 


set logfile tnlog.txt 


Additional References 


e Command-Line Syntax Key 


telnet: status 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 





Displays status information. 


Syntax 


st[atus] 


Example 





To display status information, type: 


Additional References 


e Command-Line Syntax Key 


telnet: unset 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Turns off previously set options. 


Syntax 


u (bsasdel | crlf | delasbs | escape | localecho | logging | ntlm) [>] 


Parameters 
PARAMETER DESCRIPTION 
bsasdel Sends backspace as a backspace. 
crlf Sends the Enter key as a CR. Also known as line feed mode. 
delasbs Sends delete as delete. 
escape Removes the escape character setting. 
localecho Turns off localecho. 
logging Turns off logging. 
ntlm Turns off NTLM authentication. 
? Displays help for this command. 
Example 


Turn off logging. 


u logging 


Additional References 


e Command-Line Syntax Key 


tftp 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 


Transfers files to and from a remote computer, typically a computer running UNIX, that is running the Trivial File 


Transfer Protocol (tftp) service or daemon. tftp is typically used by embedded devices or systems that retrieve 
firmware, configuration information, or a system image during the boot process from a tftp server. 


[IMPORTANT] The tftp protocol doesn't support any authentication or encryption mechanism, and as such can 


introduce a security risk when present. Installing the tftp client is not recommended for systems connected to 


the Internet. A tftp server service is no longer provided by Microsoft for security reasons. 


Syntax 


tftp [-i] [<host>] [{get | put}] <source> [<destination>] 


Parameters 


PARAMETER 


<host> 


get 


put 


<source> 


<destination> 


Examples 


DESCRIPTION 


Specifies binary image transfer mode (also called octet mode). 
In binary image mode, the file is transferred in one-byte units. 
Use this mode when transferring binary files. If you don't use 
the -i option, the file is transferred in ASCII mode. This is the 
default transfer mode. This mode converts the end-of line 
(EOL) characters to an appropriate format for the specified 
computer. Use this mode when transferring text files. If a file 
transfer is successful, the data transfer rate is displayed. 


Specifies the local or remote computer. 


Transfers the file destination on the remote computer to the 
file source on the local computer. 


Transfers the file source on the local computer to the file 
destination on the remote computer. Because the tftp protocol 
doesn't support user authentication, the user must be logged 
onto the remote computer, and the files must be writable on 
the remote computer. 


Specifies the file to transfer. 


Specifies where to transfer the file. 


To copy the file bootimg from the remote computer Host7, type: 


tftp -i Host1 get boot.img 


Additional References 


e Command-Line Syntax Key 


time 
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Displays or sets the system time. If used without parameters, time displays the current system time and prompts 
you to enter a new time. 





NOTE 


You must be an administrator to change the current time. 





Syntax 


time [/t | [<HH>[:<MM>[:<SS>]] [am|pm]]] 


Parameters 
PARAMETER DESCRIPTION 
<HH>[:<MM>[:<SS>[.<NN>]]] [am | pm] Sets the system time to the new time specified, where HH is in 
hours (required), MM is in minutes, and S$'is in seconds. NN 
can be used to specify hundredths of a second. You must 
separate values for HH, MM, and SS with colons (:). SSand NN 
must be separated with a period (.). 
If am or pm isn't specified, time uses the 24-hour format 
by default. 
/t Displays the current time without prompting you for a new 
time. 
/? Displays help at the command prompt. 
Remarks 


e Valid HH values are 0 through 24. 


e Valid MM and SS values are 0 through 59. 


Examples 


If command extensions are enabled, to display the current system time, type: 
time /t 
To change the current system time to 5:30 PM, type either of the following: 


time 17:30:00 
time 5:30 pm 


To display the current system time, followed by a prompt to enter a new time, type: 


The current time is: 17:33:31.35 
Enter the new time: 


To keep the current time and return to the command prompt, press ENTER. To change the current time, type the 
new time and then press ENTER. 


Additional References 


e Command-Line Syntax Key 


aaco 
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Pauses the command processor for the specified number of seconds. This command is typically used in batch files. 


Syntax 


timeout /t <timeoutinseconds> [/nobreak] 


Parameters 
PARAMETER DESCRIPTION 
/t <timeoutinseconds> Specifies the decimal number of seconds (between -1 and 
99999) to wait before the command processor continues 
processing. The value -1 causes the computer to wait 
indefinitely for a keystroke. 
/nobreak Specifies to ignore user key strokes. 
R Displays help at the command prompt. 
Remarks 


e A user keystroke resumes the command processor execution immediately, even if the timeout period has 
not expired. 


e When used in conjunction with the resource kit's Sleep tool, timeout is similar to the pause command. 


Examples 


To pause the command processor for ten seconds, type: 
timeout /t 10 

To pause the command processor for 100 seconds and ignore any keystroke, type: 
timeout /t 100 /nobreak 

To pause the command processor indefinitely until a key is pressed, type: 


timeout /t -1 


Additional References 


e Command-Line Syntax Key 


ie 
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Creates a title for the Command Prompt window. 


Syntax 


title [<string>] 


Parameters 
PARAMETER DESCRIPTION 
<string> Specifies the text to appear as the title of the Command 
Prompt window. 
R Displays help at the command prompt. 
Remarks 


e To create window title for batch programs, include the title command at the beginning of a batch program. 


e After a window title is set, you can reset it only by using the title command. 


Examples 


To change the Command Prompt window title to Updating Files while the batch file executes the copy command, 
and then to return the title back to Command Prompt, type the following script: 


@echo off 

title Updating Files 

copy \\server\share\*.xls c:\users\common\*.xls 
echo Files Updated. 

title Command Prompt 


Additional References 


e Command-Line Syntax Key 


tintadmn 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Administers a local or remote computer that is running the telnet Server Service. If used without parameters, 
tintadmn displays the current server settings. 


This command requires you to log on to the local computer with administrative credentials. To administer a remote 
computer, you must also provide administrative credentials for the remote computer. You can do so by logging on 
to the local computer with an account that has administrative credentials for both the local computer and the 
remote computer. If you can't use this method, you can use the -u and -p parameters to provide administrative 
credentials for the remote computer. 


Syntax 


tlintadmn [<computername>] [-u <username>] [-p <password>] [{start | stop | pause | continue}] [-s {<sessionID> 
| all}] [-k {<sessionID> | all}] [-m {<sessionID> | all) <message>] [config [dom = <domain>] [ctrlakeymap = 
{yes | no}] [timeout = <hh>:<mm>:<ss>] [timeoutactive = {yes | no}] [maxfail = <attempts>] [maxconn = 


<connections>] [port = <number>] [sec {+ | -}NTLM {+ | -}passwd] [mode = {console | stream}]] [-?] 
Parameters 
PARAMETER DESCRIPTION 
<computername> Specifies the name of the server to connect to. The default is 


the local computer. 


-U <username> -p <password> Specifies administrative credentials for a remote server that 
you want to administer. This parameter is required if you want 
to administer a remote server to which you are not logged on 
with administrative credentials. 


start starts the telnet Server Service. 

stop Stops the telnet Server Service 

pause Pauses the telnet Server Service. No new connections will be 
accepted. 

continue Resumes the telnet Server Service. 

-S {<sessionID> | all} Displays active telnet sessions. 

-k {<sessionID> | all} Ends telnet sessions. Type the Session ID to end a specific 


session, or type all to end all the sessions. 


PARAMETER 


-m (<sessionID> | all) <message> 


config dom = <domain> 


config ctrlakeymap = {yes | no} 


config timeout = <hh>:<mm>:<ss> 
config timeoutactive = {yes | no} 


config maxfail = <attempts> 


config maxconn = <connections> 


config port = <number> 


config sec {+ | -}NTLM {+ | -}passwd 


config mode = {console | stream} 


Examples 


To configure the idle session timeout to 30 minutes, type: 


tlntadmn config timeout=0:30:0 


To display active telnet sessions, type: 


tintadmn -s 


Additional References 


e Command-Line Syntax Key 


e telnet Operations Guide 


DESCRIPTION 


Sends a message to one or more sessions. Type the session ID 
to send a message to a specific session, or type all to send a 
message to all sessions. type the message that you want to 
send between quotation marks. 


Configures the default domain for the server. 


Specifies if you want the telnet server to interpret CTRL+A as 
ALT. Type yes to map the shortcut key, or type no to prevent 
the mapping. 


Sets the time-out period in hours, minutes, and seconds. 


Enables the idle session timeout. 


Sets the maximum number of failed logon attempts before 
disconnecting. 


Sets the maximum number of connections. 


Sets the telnet port. You must specify the port with an integer 
smaller than 1024. 


Specifies whether you want to use NTLM, a password, or both 
to authenticate logon attempts. To use a particular type of 
authentication, type a plus sign (+) before that type of 
authentication. To prevent using a particular type of 
authentication, type a minus sign (-) before that type of 
authentication. 


Specifies the mode of operation. 


Displays help at the command prompt. 


tpmtool 
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This utility can be used to get information about the Trusted Platform Module (TPM). 





IMPORTANT 


Some information may relate to the pre-released product, which may be substantially modified before it's commercially 


released. Microsoft makes no warranties, express or implied, with respect to the information provided here. 





Syntax 


tpmtool /parameter [<arguments>] 


Parameters 


PARAMETER 


getdeviceinformation 


gatherlogs [output directory path] 


drivertracing [start | stop] 
/? 


Examples 


To display the basic information of the TPM, type: 


tpmtool getdeviceinformation 


DESCRIPTION 


Displays the basic information of the TPM. See the 
Win32_Tpm::lsReadyInformation method parameters article for 
details about the information flag values. 


Collects TPM logs and places them in the specified directory. If 
that directory doesn't exist, it's created. By default, the log files 
are placed in the current directory. The possible files generated 
are: 

e TpmEvents.evtx 

e Tpminformation.txt 

e SRTMBoot.dat 

e SRTMResume.dat 

e DRTMBoot.dat 

e DRTMResume.dat 


Starts or stops collecting TPM driver traces. The trace log, 
TPMTRACE.etl, is created and placed in the current directory. 


Displays help at the command prompt. 


To collect TPM logs and place them in the current directory, type: 


tpmtool gatherlogs 


To collect TPM logs and place them in c:\Users\Public , type: 
tpmtool gatherlogs C:\Users\Public 
To collect TPM driver traces, type: 


tpmtool drivertracing start 
# Run scenario 
tpmtool drivertracing stop 


Additional References 


e Command-Line Syntax Key 


e COM Error Codes (TPM, PLA, FVE) 


tomvscmagr 
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The tpmvscmgr command-line tool allows users with Administrative credentials to create and delete TPM virtual 
smart cards on a computer. 


Syntax 


tpmvscmgr create [/name] [/adminkey DEFAULT | PROMPT | RANDOM] [/PIN DEFAULT | PROMPT] [/PUK DEFAULT | PROMPT] 
[/generate] [/machine] [/?] 


tpmvscmgr destroy [/instance <instanceID>] [/?] 


Create parameters 

The Create command sets up new virtual smart cards on the user's system. It also returns the instance ID of the 
newly-created card for later reference, if deletion is required. The instance ID is in the format 
ROOT\SMARTCARDREADER\O00n where n starts from 0 and is increased by 1 each time you create a new 


virtual smart card. 


PARAMETER DESCRIPTION 

/name Required. Indicates the name of the new virtual smart card. 

/adminkey Indicates the desired administrator key that can be used to 
reset the PIN of the card if the user forgets the PIN. This can 
include: 


e DEFAULT - Specifies the default value of 
01020304050607080 1020304050607080 102030405 
060708. 

e PROMPT - Prompts the user to enter a value for the 
administrator key. 

e RANDOM - Results in a random setting for the 
administrator key for a card that is not returned to the 
user. This creates a card that might not be manageable 
by using smart card management tools. When using 
the RANDOM option, the administrator key must be 
entered as 48 hexadecimal characters. 


/PIN Indicates desired user PIN value. 

e DEFAULT - Specifies the default PIN of 12345678. 

@ PROMPT - Prompts the user to enter a PIN at the 
command line. The PIN must be a minimum of eight 
characters, and it can contain numerals, characters, and 
special characters. 


PARAMETER DESCRIPTION 


/PUK Indicates the desired PIN Unlock Key (PUK) value. The PUK 
value must be a minimum of eight characters, and it can 
contain numerals, characters, and special characters. If the 
parameter is omitted, the card is created without a PUK. The 
options include: 

e DEFAULT - Specifies the default PUK of 72345678. 
e PROMPT - Prompts to the user to enter a PUK at the 
command line. 


/generate Generates the files in storage that are necessary for the virtual 
smart card to function. If you don't use the /generate 
parameter, it's like you created the card without the 
underlying file system. A card without a file system can be 
managed only by a smart card management system such as 
Microsoft Configuration Manager. 


/machine Allows you to specify the name of a remote computer on 
which the virtual smart card can be created. This can be used 
in a domain environment only, and it relies on DCOM. For the 
command to succeed in creating a virtual smart card on a 
different computer, the user running this command must be a 
member in the local administrators group on the remote 
computer. 


/? Displays Help for this command. 


Destroy parameters 


The Destroy command securely deletes a virtual smart card from the user's computer. 





WARNING 


If a virtual smart card is deleted, it cannot be recovered. 





PARAMETER DESCRIPTION 


/instance Specifies the instance ID of the virtual smart card to be 
removed. The instancelD was generated as output by 
tpmvscmgrexe when the card was created. The /instance 
parameter is a required field for the Destroy command. 


/? Displays help at the command prompt. 


Remarks 


e For alphanumeric inputs, the full 127 character ASCII set is allowed. 


Examples 


To create a virtual smart card that can be later managed by a smart card management tool launched from another 
computer, type: 


tpmvscmgr.exe create /name VirtualSmartCardForCorpAccess /AdminKey DEFAULT /PIN PROMPT 


Alternatively, instead of using a default administrator key, you can create an administrator key at the command line. 


The following command shows how to create an administrator key. 
tpmvscmgr.exe create /name VirtualSmartCardForCorpAccess /AdminKey PROMPT /PIN PROMPT 

To create an unmanaged virtual smart card that can be used to enroll certificates, type: 
tpmvscmgr.exe create /name VirtualSmartCardForCorpAccess /AdminKey RANDOM /PIN PROMPT /generate 


A virtual smart card is created with a randomized administrator key. The key is automatically discarded after the 
card is created. This means that if the user forgets the PIN or wants to the change the PIN, the user needs to delete 
the card and create it again. 


To delete the card, type: 


tpmvscmgr.exe destroy /instance <instance ID> 


Where <instanceID> is the value printed on the screen when the user created the card. Specifically, for the first 
card created, the instance ID is ROOT\SMARTCARDREADER\O000. 


Additional References 


e Command-Line Syntax Key 


tracerpt 


11/2/2020 * 2 minutes to read * Edit Online 





The tracerpt command parses Event Trace Logs, log files generated by Performance Monitor, and real-time Event 
Trace providers. It also generates dump files, report files, and report schemas. 


Syntax 


tracerpt <[-1] <value [value [...]]>|-rt «session name [session name [...]]>> [options] 


Parameters 

PARAMETERS DESCRIPTION 

-config <filename> Specifies which settings file to load, which includes your 
command options. 

-y Specifies to answer yes to all questions, without prompting. 

-f <XML | HTML> Specifies the report file format. 

-of <CSV | EVTX | XML> Specifies the dump file format. The default is *XML. 

-df <filename> Specifies to create a Microsoft-specific counting/reporting 
schema file. 

-int <filename> Specifies to dump the interpreted event structure to the 
specified file. 

-rts Specifies to add the report raw timestamp in the event trace 
header. Can only be used with -o. It's not supported with - 
report or -summary. 

-tmf <filename> Specifies which Trace Message Format definition file to use. 

-tp <value> Specifies the TMF file search path. Multiple paths may be used, 
separated by a semicolon (;). 

-i <value> Specifies the provider image path. The matching PDB will be 
located in the Symbol Server. Multiple paths can be used, 
separated by a semicolon (;). 

-pdb <value> Specifies the symbol server path. Multiple paths can be used, 
separated by a semicolon (;). 

-gmt Specifies to convert WPP payload timestamps to Greenwich 


Mean Time. 


-rl <value> Specifies the System Report Level from 1 to 5. Default is 7. 


PARAMETERS DESCRIPTION 


-summary [filename] Specifies to create a summary report text file. The filename, if 
not specified, is summary. txt. 


-o [filename] Specifies to create a text output file. The filename, if not 
specified, is dumpfile. xml. 


-report [filename] Specifies to create a text output report file. The filename, if not 
specified, is workload. xml. 


-Ir Specifies to be less restrictive. This uses best efforts for events 
that don't match the events schema. 


-export [filename] Specifies to create an Event Schema export file. The filename, if 
not specified, is schema.man. 


[-l] <value [value [...]]> Specifies the Event Trace log file to process. 

-rt «session name [session name [..]]> Specifies the Real-time Event Trace Session data sources. 

-? Displays help at the command prompt. 
Examples 


To create a report based on the two event logs /ogfile7.et/and /ogfile2.etl, and to create the dump file /ogdump.xm!/ 
in XML format, type: 


tracerpt logfilel.etl logfile2.etl -o logdump.xml -of XML 


To create a report based on the event log /ogfile.et/, to create the dump file /ogdmp.xml in XML format, to use best 
efforts to identify events not in the schema, and to produce a summary report file /ogdump.txt and a report file, 
logrptxml, type: 


tracerpt logfile.etl -o logdmp.xml -of XML -1r -summary logdmp.txt -report logrpt. xml 


To use the two event logs /ogfile7.et/ and /ogfile2.et/to produce a dump file, and to report file with the default 
filenames, type: 


tracerpt logfilel.etl logfile2.etl -o -report 


To use the event log /ogfile.et/ and the performance log counterfile.blg to produce the report file /ogrptxm/and the 
Microsoft-specific XML schema file schema.xml, type: 


tracerpt logfile.etl counterfile.blg -report logrpt.xml -df schema. xml 


To read the real-time Event Trace Session NT Kernel Logger and to produce the dump file /ogfile.csv in CSV format, 


type: 


tracerpt -rt NT Kernel Logger -o logfile.csv -of CSV 


Additional References 


e Command-Line Syntax Key 


tracert 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


This diagnostic tool determines the path taken to a destination by sending Internet Control Message Protocol 
(ICMP) echo Request or ICMPv6 messages to the destination with incrementally increasing time to live (TTL) field 
values. Each router along the path is required to decrement the TTL in an IP packet by at least 1 before forwarding 
it. Effectively, the TTL is a maximum link counter. When the TTL on a packet reaches 0, the router is expected to 
return an ICMP time Exceeded message to the source computer. 


This command determines the path by sending the first echo Request message with a TTL of 1 and incrementing 
the TTL by 1 on each subsequent transmission until the target responds or the maximum number of hops is 
reached. The maximum number of hops is 30 by default and can be specified using the /h parameter. 


The path is determined by examining the ICMP time Exceeded messages returned by intermediate routers and the 
echo Reply message returned by the destination. However, some routers do not return time Exceeded messages 
for packets with expired TTL values and are invisible to the tracert command. In this case, a row of asterisks ( * ) 
is displayed for that hop. The path displayed is the list of near/side router interfaces of the routers in the path 
between a source host and a destination. The near/side interface is the interface of the router that is closest to the 
sending host in the path. 


IMPORTANT 


This command is available only if the Internet Protocol (TCP/IP) protocol is installed as a component in the properties of a 


network adapter in Network Connections. 


To trace a path and provide network latency and packet loss for each router and link in the path, use the pathping command 


command. 





Syntax 


tracert [/d] [/h <maximumhops>] [/j <hostlist>] [/w <timeout>] [/R] [/S <srcaddr>] [/4][/6] <targetname> 


Parameters 
PARAMETER DESCRIPTION 
/d Stops attempts to resolve the IP addresses of intermediate 
routers to their names. This can speed up the return of 
results. 
/h <maximumhops> Specifies the maximum number of hops in the path to search 


for the target (destination). The default is 30 hops. 


PARAMETER DESCRIPTION 


/j <hostlist> Specifies that echo Request messages use the Loose Source 
Route option in the IP header with the set of intermediate 
destinations specified in <hostlist> . With loose source 
routing, successive intermediate destinations can be 
separated by one or multiple routers. The maximum number 
of addresses or names in the list is 9. The <hostlist> isa 
series of IP addresses (in dotted decimal notation) separated 
by spaces. Use this parameter only when tracing IPv4 
addresses. 


/W <timeout> Specifies the amount of time in milliseconds to wait for the 
ICMP time Exceeded or echo Reply message corresponding to 
a given echo Request message to be received. If not received 
within the time-out, an asterisk ( * ) is displayed. The default 
time-out is 4000 (4 seconds). 


/R Specifies that the IPv6 Routing extension header be used to 
send an echo Request message to the local host, using the 
destination as an intermediate destination and testing the 
reverse route. 


/S <srcaddr> Specifies the source address to use in the echo Request 
messages. Use this parameter only when tracing IPv6 
addresses. 

/4 Specifies that tracert.exe can use only IPv4 for this trace. 

/6 Specifies that tracert.exe can use only IPvé6 for this trace. 

<targetname> Specifies the destination, identified either by IP address or 
host name. 

/? Displays help at the command prompt. 

Examples 


To trace the path to the host named corp7.microsoft.com, type: 
tracert corp7.microsoft.com 


To trace the path to the host named corp7.microsoftcom and prevent the resolution of each IP address to its name, 


type: 


tracert /d corp7.microsoft.com 


To trace the path to the host named corp7.microsoft.com and use the loose source route 
10.12.0.1/10.29.3.1/10. 1.44.1, type: 


tracert /j 10.12.0.1 10.29.3.1 10.1.44.1 corp7.microsoft.com 


Additional References 


e Command-Line Syntax Key 


e pathping command 


tree 
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Displays the directory structure of a path or of the disk in a drive graphically. The structure displayed by this 
command depends upon the parameters that you specify at the command prompt. If you don't specify a drive or 
path, this command displays the tree structure beginning with the current directory of the current drive. 


Syntax 


tree [<drive>:][<path>] [/f] [/a] 


Parameters 
PARAMETER DESCRIPTION 
<drive>: Specifies the drive that contains the disk for which you want 
to display the directory structure. 
<path> Specifies the directory for which you want to display the 
directory structure. 
/t Displays the names of the files in each directory. 
/a Specifies to use text characters instead of graphic characters to 
show the lines that link subdirectories. 
/? Displays help at the command prompt. 
Examples 


To display the names of all the subdirectories on the disk in your current drive, type: 
tree \ 

To display, one screen at a time, the files in all the directories on drive C, type: 
tree c:\ /f | more 

To print a list of all the directories on drive C, type: 
tree c:\ /f prn 


Additional References 


e Command-Line Syntax Key 


tscon 


11/2/2020 * 2 minutes to read * Edit Online 





Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 


Connects to another session on a Remote Desktop Session Host server. 





IMPORTANT 


You must have Full Control access permission or Connect special access permission to connect to another session. 








NOTE 


To find out what's new in the latest version, see What's New in Remote Desktop Services in Windows Server. 





Syntax 


tscon {<sessionID> | <sessionname>} [/dest:<sessionname>] [/password:<pw> | /password:*] [/v] 


Parameters 


PARAMETER 


<sessionID> 


<sessionname> 


/dest: <sessionname> 


/password: <pw> 


/password: * 


N 


fe 


Remarks 


DESCRIPTION 


Specifies the ID of the session to which you want to connect. 
If you use the optional /dest:<sessionname> parameter, 
you can also specify the name of the current session. 


Specifies the name of the session to which you want to 
connect. 


Specifies the name of the current session. This session will 
disconnect when you connect to the new session. You can also 
use this parameter to connect the session of another user to a 
different session. 


Specifies the password of the user who owns the session to 
which you want to connect. This password is required when 
the connecting user does not own the session. 


Prompts for the password of the user who owns the session 
to which you want to connect. 


Displays information about the actions being performed. 


Displays help at the command prompt. 


e This command fails if you don't specify a password in the /password parameter, and the target session 


belongs to a user other than the current one. 


e You can't connect to the console session. 


Examples 


To connect to Session 72 on the current Remote Desktop Services Session Host server, and to disconnect the 


current session, type: 
tscon 12 


To connect to Session 23 on the current Remote Desktop Services Session Host server using the password mypass, 


and to disconnect the current session, type: 
tscon 23 /password:mypass 


To connect the session named 7ERMO3 to the session named 7ERMO05, and then to disconnect session TERMO5, 
type: 


tscon TERM@3 /v /dest:TERM@5 


Additional References 
e Command-Line Syntax Key 


e Remote Desktop Services (Terminal Services) Command Reference 


tsdiscon 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Disconnects a session from a Remote Desktop Session Host server. If you don't specify a session ID or session 
name, this command disconnects the current session. 





IMPORTANT 


You must have Full Control access permission or Disconnect special access permission to disconnect another user 
from a session. 








NOTE 


To find out what's new in the latest version, see What's New in Remote Desktop Services in Windows Server. 





Syntax 


tsdiscon [<sessionID> | <sessionname>] [/server:<servername>] [/v] 


Parameters 
PARAMETER DESCRIPTION 
<sessionID> Specifies the ID of the session to disconnect. 
<sessionname> Specifies the name of the session to disconnect. 
/server: <servername> Specifies the terminal server that contains the session that 
you want to disconnect. Otherwise, the current Remote 
Desktop Session Host server is used. This parameter is 
required only if you run the tsdiscon command from a 
remote server. 
N Displays information about the actions being performed. 
/? Displays help at the command prompt. 
Remarks 


e Any applications running when you disconnected the session are automatically running when you 
reconnect to that session with no loss of data. You can use the reset session command to end the running 
applications of the disconnected session, but this may result in loss of data at the session. 


e The console session can't be disconnected. 


Examples 


To disconnect the current session, type: 
tsdiscon 

To disconnect Session 70, type: 
tsdiscon 10 


To disconnect the session named 7ERMO4, type: 


tsdiscon TERMØ4 


Additional References 


e Command-Line Syntax Key 


e Remote Desktop Services (Terminal Services) Command Reference 


e reset session command 


tsecimp 
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Imports assignment information from an Extensible Markup Language (XML) file into the TAPI server security file 
(Tsec.ini). You can also use this command to display the list of TAPI providers and the lines devices associated with 
each of them, validate the structure of the XML file without importing the contents, and check domain membership. 


Syntax 


tsecimp /f <filename> [{/v | /u}] 


tsecimp /d 
Parameters 

PARAMETER DESCRIPTION 

/f <filename> Required. Specifies the name of the XML file that contains the 
assignment information that you want to import. 

N Validates the structure of the XML file without importing the 
information into the Tsec.ini file. 

/u Checks whether each user is a member of the domain 
specified in the XML file. The computer on which you use this 
parameter must be connected to the network. This parameter 
might significantly slow performance if you are processing a 
large amount of user assignment information. 

/d Displays a list of installed telephony providers. For each 
telephony provider, the associated line devices are listed, as 
well as the addresses and users associated with each line 
device. 

/? Displays help at the command prompt. 

Remarks 


The XML file from which you want to import assignment information must follow the structure described below: 


<UserList> 
<User> 
<LineList> 
<Line> 


e <Userlist element> - The top element of the XML file. 


e <User element> - Contains information about a user who is a member of a domain. Each user might be 
assigned one or more line devices. Additionally, each User element might have an attribute named 
NoMerge. When this attribute is specified, all current line device assignments for the user are removed 
before new ones are made. You can use this attribute to easily remove unwanted user assignments. By 
default, this attribute is not set. The User element must contain a single DomainUserName element, which 
specifies the domain and user name of the user. The User element might also contain one FriendlyName 


element, which specifies a friendly name for the user. The User element might contain one LineList 
element. If a LineList element is not present, all line devices for this user are removed. 


@ <LineList element> - Contains information about each line or device that might be assigned to the user. 


Each LineList element can contain more than one Line element. 


e <Line element> - Specifies a line device. You must identify each line device by adding either an Address 
element or a PermanentID element under the Line element. For each Line element, you can set the 
Remove attribute. If you set this attribute, the user is no longer assigned that line device. If this attribute is 
not set, the user gains access to that line device. No error is given if the line device is not available to the 
user. 


Sample output for /d parameter 

This sample output appears after running the /d parameter to display the current TAPI configuration. For each 
telephony provider, the associated line devices are listed, as well as the addresses and users associated with each 
line device. 


NDIS Proxy TAPI Service Provider 
Line: WAN Miniport (L2TP) 
Permanent ID: 12345678910 


NDIS Proxy TAPI Service Provider 
Line: LPTIDOMAIN1\User1 
Permanent ID: 12345678910 


Microsoft H.323 Telephony Service Provider 
Line: H323 Line 
Permanent ID: 123456 
Addresses: 
BLDG1-TAPI32 


Examples 


To remove all line devices assigned to User7, type: 


<UserList> 
<User NoMerge=1> 
<DomainUser>domaini\user1</DomainUser> 
</User> 
</UserList> 


To remove all line devices assigned to User7, before assigning one line with address 99999, type: 


<UserList> 
<User NoMerge=1> 
<DomainUser>domain1\user1</DomainUser> 
<FriendlyName>User1</FriendlyName> 
<LineList> 
<Line> 
<Address>99999</Address> 
</Line> 
</LineList> 
</User> 
</UserList> 


In this example, User7 has no other line devices assigned, regardless of whether any line devices were assigned 
previously. 


To add one line device for User7, without deleting any previously assigned line devices, type: 


<UserList> 
<User> 
<DomainUser>domainiluseri</DomainUser> 
<FriendlyName>User1</FriendlyName> 
<LineList> 
<Line> 
<Address>99999</Address> 
</Line> 
</LineList> 
</User> 
</UserList> 


To add line address 99999 and to remove line address 88888 from User7's access, type: 


<UserList> 
<User> 
<DomainUser>domaini1\user1</DomainUser> 
<FriendlyName>User1</FriendlyName> 
<LineList> 
<Line> 
<Address>99999</Address> 
</Line> 
<Line Remove=1> 
<Address>88888</Address> 
</Line> 
</LineList> 
</User> 
</UserList> 


To add permanent device 7000 and to remove line 88888 from User7's access, type: 


<UserList> 
<User> 
<DomainUser>domain1\user1</DomainUser> 
<FriendlyName>User1</FriendlyName> 
<LineList> 
<Line> 
<PermanentID>1000</PermanentID> 
</Line> 
<Line Remove=1> 
<Address>88888</Address> 
</Line> 
</LineList> 
</User> 
</UserList> 


Additional References 


e Command-Line Syntax Key 


e Command shell overview 


SA 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Ends a process running in a session on a Remote Desktop Session Host server. 





NOTE 


You can use this command to end only those processes that belong to you, unless you are an administrator. Administrators 
have full access to all tskill functions and can end processes that are running in other user sessions. 


To find out what's new in the latest version, see What's New in Remote Desktop Services in Windows Server. 





Syntax 


tskill {<processID> | <processname>} [/server:<servername>] [/id:<sessionID> | /a] [/v] 


Parameters 
PARAMETER DESCRIPTION 
<processID> Specifies the ID of the process that you want to end. 
<processname> Specifies the name of the process that you want to end. This 
parameter can include wildcard characters. 
/server: <servername> Specifies the terminal server that contains the process that 
you want to end. If /server isn't specified, the current Remote 
Desktop Session Host server is used. 
/id: <sessionID> Ends the process that is running in the specified session. 
/a Ends the process that is running in all sessions. 
N Displays information about the actions being performed. 
/ Displays help at the command prompt. 
Remarks 


e When all processes that are running in a session end, the session also ends. 


e Ifyou use the <processname> and the /server:<servername> parameters, you must also specify either the 


/id:<sessionID> or the /a parameter. 


Examples 


To end process 6543, type: 


tskill 6543 


To end the process explorer running on session 5, type: 


tskill explorer /id:5 


Additional References 


e Command-Line Syntax Key 


e Remote Desktop Services (Terminal Services) Command Reference 


tsprof 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Copies the Remote Desktop Services user configuration information from one user to another. The Remote 
Desktop Services user configuration information appears in the Remote Desktop Services extensions to Local 
Users and Groups and active directory Users and computers. 





NOTE 


You can also use the tsprof command to set the profile path for a user. 


To find out what's new in the latest version, see What's New in Remote Desktop Services in Windows Server. 





Syntax 


tsprof /update (/domain:<Domainname> | /local) /profile:<path> <username> 
tsprof /copy {/domain:<Domainname> | /local) [/profile:<path>] <src user> <dest user> 
tsprof /q {/domain:<Domainname> | /local} <username> 


Parameters 

PARAMETER DESCRIPTION 

/update Updates profile path information for <username> in domain 
<domainname> to <profilepath> . 

/domain: <Domainname> Specifies the name of the domain in which the operation is 

applied. 

/local Applies the operation only to local user accounts. 

/profile: <path> Specifies the profile path as displayed in the Remote Desktop 
Services extensions in Local Users and Groups and active 
directory Users and computers. 

<username> Specifies the name of the user for whom you want to update 
or query the server profile path. 

/copy Copies user configuration information from <src_user> to 
<dest_user> and updates the profile path information for 
<dest_user> to <profilepath> .Both <src_user> and 
<dest_user> must either be local or must be in domain 
<domainname> . 

«sro user> Specifies the name of the user from whom you want to copy 


the user configuration information. Also known as the source 
user. 


PARAMETER DESCRIPTION 


<dest_user> Specifies the name of the user to whom you want to copy the 
user configuration information. Also known as the destination 
user. 
/q Displays the current profile path of the user for whom you 


want to query the server profile path. 


/ Displays help at the command prompt. 


Examples 
To copy user configuration information from Loca/User7 to LocalUser2, type: 
tsprof /copy /local LocalUser1 LocalUser2 


To set the Remote Desktop Services profile path for Loca/User7 to a directory called c:\profiles, type: 


tsprof /update /local /profile:c:\profiles LocalUser1 


Additional References 


e Command-Line Syntax Key 


e Remote Desktop Services (Terminal Services) Command Reference 


type 
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In the Windows Command shell, type is a built in command which displays the contents of a text file. Use the type 
command to view a text file without modifying it. 


In PowerShell, type is a built-in alias to the Get-Content cmdlet, which also displays the contents of a file, but using 
a different syntax. 


Syntax 


type [<drive>: ][<path>]<filename> 


Parameters 
PARAMETER DESCRIPTION 
[<drive>:][<path>]<filename> Specifies the location and name of the file or files that you 
want to view. If your <filename> contains spaces, you must 
enclose it in quotation marks (for example, "Filename 
Containing Spaces.txt"). You can also add multiple filenames by 
adding spaces between them. 
/? Displays help at the command prompt. 
Remarks 


e Ifyou display a binary file or a file that is created by a program, you may see strange characters on the screen, 
including formfeed characters and escape-sequence symbols. These characters represent control codes that are 
used in the binary file. In general, avoid using the type command to display binary files. 


Examples 


To display the contents of a file named holiday.mar, type: 
type holiday.mar 
To display the contents of a lengthy file named holiday.mar one screen at a time, type: 


type holiday.mar | more 


Additional References 


e Command-Line Syntax Key 


typeperf 
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The typeperf command writes performance data to the command window or to a log file. To stop typeperf, press 
CTRL+C. 


Syntax 


typeperf <counter [counter ...]> [options] 
typeperf -cf <filename> [options] 
typeperf -q [object] [options] 

typeperf -qx [object] [options] 


Parameters 
PARAMETER DESCRIPTION 
<counter [counter [..]]> Specifies performance counters to monitor The <counter> 
parameter is the full name of a performance counter in 
\Computer\Object(Instance)\Counter format, such as 
\\Server1\Processor(@)\% User Time 
Options 

OPTION DESCRIPTION 

-f <csv | TSV | BIN | SQL> Specifies the output file format. The default is CSV. 

-cf <filename> Specifies a file containing a list of performance counters to 
monitor, with one counter per line. 

-si <[[hh:]mm:]ss> Specifies the sample interval. The default is one second. 

-O <filename> Specifies the path for the output file, or the SQL database. The 
default is STDOUT (written to the command window). 

-q [object] Display a list of installed counters (no instances). To list 
counters for one object, include the object name. ***EXAMPLE 

-qx [object] Display a list of installed counters with instances. To list 
counters for one object, include the object name. 

-SC <samples> Specifies the number of samples to collect. The default is to 
collect data until CTRL+C is pressed. 

-config <filename> Specifies a settings file containing command options. 

-S <computer_name> Specifies a remote computer to monitor if no computer is 


specified in the counter path. 


-y Answer yes to all questions without prompting. 


OPTION DESCRIPTION 


R Displays help at the command prompt. 


Examples 


To write the values for the local computer's performance counter \Processor(_Total)\% Processor Time tothe 


command window at a default sample interval of 1 second until CTRL+C is pressed, type: 
typeperf \Processor(_Total)\% Processor Time 


To write the values for the list of counters in the file counters.txt to the tab-delimited file domain2.tsv at a sample 


interval of 5 seconds until 50 samples have been collected, type: 
typeperf -cf counters.txt -si 5 -sc 50 -f TSV -o domain2.tsv 


To query installed counters with instances for the counter object PhysicalDisk and writes the resulting list to the file 


counters.txt type: 


typeperf -qx PhysicalDisk -o counters.txt 


Additional References 


e Command-Line Syntax Key 


tzutil 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Displays the Windows Time Zone utility. 


Syntax 


tzutil [/?] [/g] [/s <timezoneID>[_dstoff]] [/1] 


Parameters 

PARAMETER DESCRIPTION 

/g Displays the current time zone ID. 

/S <timezoneID>[_dstoff] Sets the current time zone using the specified time zone ID. 
The _dstoff suffix disables Daylight Saving time adjustments 
for the time zone (where applicable). Your value must be 
surrounded by quotes. 

Å Lists all valid time zone IDs and display names. The output 
appears as: 

@ <display name> 
@ <time zone ID> 
/? Displays help at the command prompt. 
Remarks 


An exit code of 0 indicates the command completed successfully. 


Examples 


To display the current time zone ID, type: 
tzutil /g 
To set the current time zone to Pacific Standard time, type: 
tzutil /s "Pacific Standard time" 
To set the current time zone to Pacific Standard time and disable Daylight Saving time adjustments, type: 


tzutil /s "Pacific Standard time_dstoff" 


Additional References 


e Command-Line Syntax Key 


UNEXPOSE 
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Unexposes a shadow copy that was exposed by using the expose command. The exposed shadow copy can be 
specified by its Shadow ID, drive letter, share, or mount point. 


Syntax 


unexpose {<shadowID> | <drive:> | <share> | <mountpoint>} 


Parameters 
PARAMETER DESCRIPTION 
<shadowID> Displays the shadow copy specified by the given Shadow ID. 
You can use an existing alias or an environment variable in 
place of <shadowID> . Use the add command without 
parameters to see all existing aliases. 
<drive:> Displays the shadow copy associated with the specified drive 
letter (for example, drive P). 
<share> Displays the shadow copy associated with the specified share 
(for example, \\MachineName ). 
<mountpoint> Displays the shadow copy associated with the specified mount 
point (for example, C:\shadowcopy\ ). 
add Used without parameters will show you the existing aliases. 
Examples 


To unexpose the shadow copy associated with *drive P:*, type: 


unexpose P: 


Additional References 


e Command-Line Syntax Key 
e add command 


e expose command 


uniqueid 
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Displays or sets the GUID partition table (GPT) identifier or master boot record (MBR) signature for the basic or 
dynamic disk with focus. A basic or dynamic disk must be selected for this operation to succeed. Use the select disk 
command to select a disk and shift the focus to it. 


Syntax 


uniqueid disk [id={<dword> | <GUID>}] [noerr] 


Parameters 
PARAMETER DESCRIPTION 
id= {<dword> | <GUID>} For MBR disks, this parameter specifies a 4-byte (DWORD) 
value in hexadecimal form for the signature. For GPT disks, 
this parameter specifies a GUID for the identifier. 
noerr For scripting only. When an error occurs, DiskPart continues 
to process commands as if the error didn't occur. Without this 
parameter, an error causes DiskPart to exit with an error code. 
Examples 


To display the signature of the MBR disk with focus, type: 
uniqueid disk 
To set the signature of the MBR disk with focus to the DWORD value 5f762c36, type: 


uniqueid disk id=5f1b2c36 


To set the identifier of the GPT disk with focus to the GUID value baf784e7-6bbd-4cfb-aaac-e86c96e166ee, type: 


uniqueid disk id=baf784e7-6bbd-4cfb-aaac-e86c96e166ee 


Additional References 


e Command-Line Syntax Key 


e select disk command 


unlodctr 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Removes Performance counter names and Explain text for a service or device driver from the system registry. 





WARNING 


Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back 


up any valued data on the computer. 





Syntax 


unlodctr <drivername> 


Parameters 
PARAMETER DESCRIPTION 
<drivername> Removes the Performance counter name settings and 
Explain text for driver or service <drivername> from the 
Windows Server registry. If your <drivername> includes 
spaces, you must use quotation marks around the text, for 
example "Driver name". 
/ Displays help at the command prompt. 
Examples 


To remove the current Performance counter names and Explain text for the Simple Mail Transfer Protocol 
(SMTP) service, type: 


unlodctr SMTPSVC 


Additional References 


e Command-Line Syntax Key 


Ver 
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Displays the operating system version number. This command is supported in the Windows Command prompt 
(Cmd.exe), but not in PowerShell. 


Syntax 
ver 
Parameters 
PARAMETER DESCRIPTION 
P Displays help at the command prompt. 
Examples 


To obtain the version number of the operating system from the Command shell (cmd.exe), type: 


The ver command doesn't work in PowerShell. If you want to get the operating system version number through 
PowerShell, type: 


$PSVersionTable.BuildVersion 


Additional References 


e Command-Line Syntax Key 


verifier 


11/2/2020 * 9 minutes to read * Edit Online 





Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Driver Verifier monitors Windows kernel-mode drivers and graphics drivers to detect illegal function calls or 
actions that might corrupt the system. Driver Verifier can subject Windows drivers to a variety of stresses and tests 
to find improper behavior. You can configure which tests to run, which allows you to put a driver through heavy 
stress loads or through more streamlined testing. You can also run Driver Verifier on multiple drivers 


simultaneously, or on one driver at a time. 


IMPORTANT 


You must be in the Administrators group on the computer to use Driver Verifier. Running Driver Verifier can cause the 


computer to crash, so you should only run this utility on computers used for testing and debugging. 





Syntax 


verifier /standard /all 

verifier /standard /driver NAME [NAME ...] 

verifier /flags <options> /all 

verifier /flags <options> /driver NAME [NAME ...] 

verifier /rules [OPTION ...] 

verifier /query 

verifier /querysettings 

verifier /bootmode [persistent | disableafterfail | oneboot] 
verifier /reset 

verifier /faults [Probability] [PoolTags] [Applications] [DelayMins] 
verifier /faultssystematic [OPTION ...] 

verifier /log LOG_FILE_NAME [/interval SECONDS] 

verifier /volatile /flags <options> 

verifier /volatile /adddriver NAME [NAME ...] 

verifier /volatile /removedriver NAME [NAME ...] 

verifier /volatile /faults [Probability] [PoolTags] [Applications] [DelayMins] 
verifier /domain <types> <options> /driver ... [/logging | /livedump] 
verifier /logging 

verifier /livedump 

verifier /? 

verifier /help 


Parameters 
PARAMETER DESCRIPTION 
/all Directs the Driver Verifier utility to verify all installed drivers 


after the next boot. 


PARAMETER 


/bootmode 


[persistent | disableafterfail | oneboot | 
resetonunusualshutdown] 


/driver <driverlist»> 


/driverexclude <driverlist> 


/faults 


DESCRIPTION 


Controls whether the settings for the Driver Verifier utility are 

enabled after a reboot. To set or change this option, you must 

reboot the computer. The following modes are available: 

© persistent - Ensures that the Driver Verifier settings 
persist (stay in effect) over many reboots. This is the 
default setting. 

e disableafterfail - If Windows fails to start, this setting 
disables the Driver Verifier utility for subsequent 
reboots. 

© oneboot - Only enables the Driver Verifier settings for 
the next time the computer starts. The Driver Verifier 
utility is disabled for subsequent reboots. 

e resetonunusualshutdown - The Driver Verifier 
utility will persist until an unusual shutdown occurs. Its 
abbrevation, 'rous', can be used. 


Specifies one or more drivers that will be verified. The 
driverlist parameter is a list of drivers by binary name, such 
as driversys. Use a space to separate each driver name. 
Wildcard values, such as_n*.sys , aren't supported. 


Specifies one or more drivers that will be excluded from 
verification. This parameter is applicable only if all drivers are 
selected for verification. The driverlist parameter is a list of 
drivers by binary name, such as driversys. Use a space to 
separate each driver name. Wildcard values, such as n*.sys , 
aren't supported. 


Enables the Low Resources Simulation feature in the Driver 

Verifier utility. You can use /faults in place of /flags ex4 . 

However, you can't use /flags øx4 with the /faults sub- 

parameters. You can use the following subparameters of the 

/faults parameter to configure the Low Resources Simulation: 

e Probability - Specifies the probability that the Driver 
Verifier utility will fail a given allocation. Type a number 
(in decimal or hexadecimal) to represent the number of 
chances in 10,000 that the Driver Verifier utility will fail 
the allocation. The default value, 600, means 
600/10000 or 6%. 

e Pool Tags - Limits the allocations that the Driver 
Verifier utility can fail to allocations with the specified 
pool tags. You can use a wildcard character (*) to 
represent multiple pool tags. To list multiple pool tags, 
separate the tags with spaces. By default, all allocations 
can fail. 

e Applications - Limits the allocations that the Driver 
Verifier utility can fail to allocations for the specified 
program. Type the name of an executable file. To list 
programs, separate the program names with spaces. 

By default, all allocations can fail. 

e DelayMins - Specifies the number of minutes after 
booting during which the Driver Verifier utility does 
not intentionally fail any allocations. This delay allows 
the drivers to load and the system to stabilize before 
the test begins. Type a number (in decimal or 
hexadecimal). The default value is 7 (minutes). 


PARAMETER 


/faultssystematic 


DESCRIPTION 


Specifies the options for Systematic Low Resources 
simulation. Use the ex4eee0e flag to select the Systematic 


Low Resources simulation option. The following options are 
available: 


enableboottime - Enables fault injections across 
computer reboots. 

disableboottime - Disables fault injections across 
computer reboots (this is the default setting). 
recordboottime - Enables fault injections in what if 
mode across computer reboots. 

resetboottime - Disables fault injections across 
computer reboots and clears the stack exclusion list. 
enableruntime - Dynamically enables fault injections. 
disableruntime - Dynamically disables fault 
injections. 

recordruntime - Dynamically enables fault injections 
in what if mode. 

resetruntime - Dynamically disables fault injections 
and clears the previously faulted stack list. 
querystatistics - Shows the current fault injection 
statistics. 

incrementcounter - Increments the test pass 
counter used to identify when a fault was injected. 
getstackid COUNTER - Retrieves the indicated 
injected stack identifier. 


excludestack STACKID - Excludes the stack from 
fault injection. 


PARAMETER 


/flags <options> 


/flags <volatileoptions> 


DESCRIPTION 


Activates the specified options after the next reboot. This 

number can be entered in decimal or in hexadecimal (with an 

Ox prefix) format. Any combination of the following values is 

allowed: 

e Value: 1 or Ox1 (bit 0) - Special pool checking 

e Value: 2 or 0x2 (bit 1) - Force IRQL Checking 

e Value: 4 or 0x4 (bit 2) - Low Resources Simulation 

e Value: 8 or 0x8 (bit 3) - Pool Tracking 

e Value: 16 or 0x10 (bit 4) - 1/0 Verification 

e Value: 32 or 0x20 (bit 5) - Deadlock Detection 

e Value: 64 or 0x40 (bit 6) - Enhanced I/O 
Verification. This option is automatically activated when 
you select I/O Verification. 

e Value: 128 or 0x80 (bit 7) - DMA Verification 

e Value: 256 or 0x100 (bit 8) - Security Checks 

e Value: 512 or 0x200 (bit 9) - Force Pending I/O 
Requests 

e Value: 1024 or 0x400 (bit 10) - IRP Logging 

e Value: 2048 or 0x800 (bit 11) - Miscellaneous 
Checks 

e Value: 8192 or 0x2000 (bit 13) - Invariant MDL 
Checking for Stack 

e Value: 16384 or 0x4000 (bit 14) - Invariant MDL 
Checking for Driver 

e Value: 32768 or 0x8000 (bit 15) - Power 
Framework Delay Fuzzing 

e Value: 65536 or 0x10000 (bit 16) - Port/miniport 
interface checking 

e Value: 131072 or 0x20000 (bit 17) - DDI 
compliance checking 

e Value: 262144 or 0x40000 (bit 18) - Systematic 
low resources simulation 

e Value: 524288 or 0x80000 (bit 19) - DDI 
compliance checking (additional) 

e Value: 2097152 or 0x200000 (bit 21) - 
NDIS/WIFI verification 

e Value: 8388608 or 0x800000 (bit 23) - Kernel 
synchronization delay fuzzing 

e Value: 16777216 or 0x1000000 (bit 24) - VM 
switch verification 

e Value: 33554432 or 0x2000000 (bit 25) - Code 
integrity checks. You can't use this method to activate 
the SCSI Verification or Storport Verification options. 
For more information, see SCSI Verification and 
Storport Verification. 


Specifies the the Driver Verifier utility options that are changed 
immediately without rebooting.This number can be entered in 
decimal or in hexadecimal (with an Ox prefix) format. Any 
combination of the following values is allowed: 

6 Value: 1 or 0x1 (bit 0) - Special pool 

e Value: 2 or 0x2 (bit 1) - Force IRQL Checking 

e Value: 4 or 0x4 (bit 2) - Low Resources Simulation 


PARAMETER 


<probability> 


<tags> 


<apps> 


<minutes> 


/iolevel <level> 


/log <logfilename> [/intervalseconds ] 


/rules <option> 


DESCRIPTION 


Number between 1 and 10,000 specifying the fault injection 
probability. For example, specifying 100 means a fault injection 
probability of 1% (100/10,000). 

if this parameter isn't specified, the default probability of 

6% is used. 


Specifies the pool tags that will be injected with faults, 
separated by space characters. If this parameter is not 
specified then any pool allocation can be injected with faults. 


Specifies the image file name of the apps that will be injected 
with faults, separated by space characters. If this parameter 
isn't specified then low resources simulation can take place in 
any application. 


A positive number specifying the length of the period after 
rebooting, in minutes, during which no fault injection will 
occur. If this parameter isn't specified then the default length 
of 8 minutes is used. 


Specifies the level of I/O Verification. The value of [level] can be 
1 - Enables Level 1 1/O Verification (default) or 2 - Enables 
Level 1 I/O Verification and Level 2 1/0 Verification. If I/O 
Verification isn't enabled (by using /flags Øx10 ), /iolevel is 
ignored. 


Creates a log file using the specified name. The Driver Verifier 
utility periodically writes statistics to this file, based on the 
interval you optionally set. The default interval is 30 seconds. 
If a verifier /log command is typed at the command line, 

the command prompt doesn't return. To close the log file 
and return a prompt, use the CTRL+C key. After a 

reboot, to create a log, you must submit the verifier /log 
command again. 


Options for rules that can be disabled, including: 

e query - Shows current status of controllable rules. 

e reset - Resets all rules to their default state. 

e default ID - Sets rule ID to its default state. For the 
supported rules, the rule ID is the Bug Check OxC4 
(DRIVER VERIFIER DETECTED VIOLATION) parameter 
1 value. 

e disable ID - Disables specified rule ID. For the 
supported rules, the rule ID is the Bug Check OxC4 
(DRIVER_VERIFIER_DETECTED_VIOLATION) parameter 
1 value. 


PARAMETER 


/standard 


/volatile 


/adddriver <volatiledriverlist> 


/removedriver <volatiledriverlist> 


/reset 


/querysettings 


/query 


DESCRIPTION 


Activates the "standard" or default Driver Verifier options after 
the next restart. The standard options are Special Pool, Force 
IRQL Checking, Pool Tracking, I/O Verification, Deadlock 
Detection, DMA Verification, Security Checks, Miscellaneous 
Checks, and DDI compliance checking. This is equivalent to 

/ flags Øx2Ø9BB 


[NOTE] Starting in Windows 10 versions after 1803, using 
/flags @x2@9BB will no longer automatically enable 

WDF verification. Use the /standard syntax to enable 

standard options, with WDF verification included. 


Changes the settings without rebooting the computer. Volatile 
settings take effect immediately. 


You can use the /volatile parameter with the /flags 
parameter to enable and disable some options without 
rebooting. You can also use /volatile with the 
/adddriver and /removedriver parameters to start or 
stop the verification of a driver without rebooting, even if 
the Driver Verifier utility isn't running. For more 
information, see Using Volatile Settings. 


Removes the specified drivers from the volatile settings. To 
specify multiple drivers, list their names, separated by spaces. 
Wildcard values, such as n.sys, aren't supported. 


Clears all the Driver Verifier utility settings. After the next 
restart, no drivers will be verified. 


Displays a summary of the options that will be activated and 
drivers that will be verified after the next boot. The display 
doesn't include drivers and options added by using the 
/volatile parameter. For other ways to view these settings, 
see Viewing Driver Verifier Settings. 


Displays a summary of the Driver Verifier utility's current 
activity. The Level field in the display is the hexadecimal value 
of options set with the /volatile parameter. For explanations 
of each statistic, see Monitoring Global Counters and 
Monitoring Individual Counters. 


PARAMETER DESCRIPTION 


/domain <types> <options> Controls the verifier extension settings. The following verifier 
extension types are supported: 
e wdm - Enables verifier extension for WDM drivers. 


e ndis - Enables verifier extension for networking 
drivers. 


e ks - Enables verifier extension for kernel mode 
streaming drivers. 


e audio - Enables verifier extension for audio drivers. 


. The following extension options are supported: 
e rules.default - Enables default validation rules for the 
selected verifier extension. 


e rules.all - Enables all validation rules for the selected 
verifier extension. 


/logging Enables logging for violated rules detected by the selected 
verifier extensions. 


/livedump Enables live memory dump collection for violated rules 
detected by the selected verifier extensions. 


/? Displays command-line help. 
Return Codes 
The following values are returned after driver verifier has run: 
e 0: EXIT CODE SUCCESS 
e 1: EXIT CODE ERROR 


e 2: EXIT CODE REBOOT NEEDED 


Remarks 


e You can use the /volatile parameter with some of the Driver Verifier utility /flags options and with /standard. 
You can't use /volatile with the /flags options for DDI compliance checking, Power Framework Delay Fuzzing, 
Storport Verification, or SCSI Verification. For more information, see Using Volatile Settings. 


Additional References 


e Command-Line Syntax Key 


Driver Verifier 


Controlling Driver Verifier 


Monitoring Driver Verifier 


Using Volatile Settings 


VEN 
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Tells the Command Prompt tool (cmd.exe) whether to verify your files are written correctly to a disk. 


Syntax 


verify [on | off] 


Parameters 


PARAMETER 
[on | off] 


n 


Examples 


To display the current verify setting, type: 


verify 
To turn the verify setting on, type: 
verify on 


Additional References 


e Command-Line Syntax Key 


DESCRIPTION 


Switches the verify setting on or off. 


Displays help at the command prompt. 


vol 
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Displays the disk volume label and serial number, if they exist. If used without parameters, vol displays information 
for the current drive. 


Syntax 


vol [<drive>:] 


Parameters 


PARAMETER DESCRIPTION 





Specifies the drive that contains the disk for which you want 
to display the volume label and serial number. 





R Displays help at the command prompt. 


Additional References 


e Command-Line Syntax Key 


vssadmin 
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Applies to: Windows 10, Windows 8.1, Windows Server 2016, Windows Server 2012 R2, Windows Server 
2012, Windows Server 2008 R2, Windows Server 2008 


Displays current volume shadow copy backups and all installed shadow copy writers and providers. Select a 
command name in the following table view its command syntax. 


COMMAND DESCRIPTION AVAILABILITY 

vssadmin delete shadows Deletes volume shadow copies. Client and Server 
vssadmin list shadows Lists existing volume shadow copies. Client and Server 
vssadmin list writers Lists all subscribed volume shadow Client and Server 


copy writers on the system. 


vssadmin resize shadowstorage Resizes the maximum size for a shadow Client and Server 
copy storage association. 


Additional References 


e Command-Line Syntax Key 


vssadmin delete shadows 
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Applies to: Windows 10, Windows 8.1, Windows Server 2016, Windows Server 2012 R2, Windows Server 
2012, Windows Server 2008 R2, Windows Server 2008 


Deletes a specified volume's shadow copies. You can only delete shadow copies with the c/ient-accessible type. 


Syntax 


vssadmin delete shadows /for=<ForVolumeSpec> [/oldest | /all | /shadow=<ShadowID>] [/quiet] 


Parameters 
PARAMETER DESCRIPTION 
/for= <ForVolumeSpec> Specifies which volume's shadow copy will be deleted. 
/oldest Deletes only the oldest shadow copy. 
/all Deletes all of the specified volume's shadow copies. 
/shadow= <ShadowID> Deletes the shadow copy specified by ShadowlD. To get the 
shadow copy ID, use the vssadmin list shadows command. 
When you enter a shadow copy ID, use the following format, 
where each X represents a hexadecimal character: 
XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX 
/quiet Specifies that the command won't display messages while 
running. 
Examples 


To delete the oldest shadow copy of volume C, type: 


vssadmin delete shadows /for=c: /oldest 


Additional References 
e Command-Line Syntax Key 
e vssadmin command 


e vssadmin list shadows command 


vssadmin list shadows 
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Applies to: Windows 10, Windows 8.1, Windows Server 2016, Windows Server 2012 R2, Windows Server 
2012, Windows Server 2008 R2, Windows Server 2008 


Lists all existing shadow copies of a specified volume. If you use this command without parameters, it displays all 
volume shadow copies on the computer in the order dictated by Shadow Copy Set. 


Syntax 


vssadmin list shadows [/for=<ForVolumeSpec>] [/shadow=<ShadowID>] 


Parameters 
PARAMETER DESCRIPTION 
/for= <ForVolumeSpec> Specifies which volume the shadow copies will be listed for. 
/shadow= <ShadowID> Lists the shadow copy specified by ShadowlD. To get the 


shadow copy ID, use the vssadmin list shadows command. 
When you type a shadow copy ID, use the following format, 
where each X represents a hexadecimal character: 


KIKK HHK KIKK KKK KIKK 


Additional References 


e Command-Line Syntax Key 
e vssadmin command 


e vssadmin list shadows command 


vssadmin list writers 
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Applies to: Windows 10, Windows 8.1, Windows Server 2016, Windows Server 2012 R2, Windows Server 
2012, Windows Server 2008 R2, Windows Server 2008 





Lists subscribed volume shadow copy writers. 


Syntax 


vssadmin list writers 


Additional References 





e Command-Line Syntax Key 


e vssadmin command 


vssadmin resize shadowstorage 
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Applies to: Windows 10, Windows 8.1, Windows Server 2016, Windows Server 2012 R2, Windows Server 
2012, Windows Server 2008 R2, Windows Server 2008 


Resizes the maximum amount of storage space that can be used for shadow copy storage. 


The minimum amount of storage space that can be used for shadow copy storage can be specified by using the 
MinDiffAreaFileSize registry value. For more information, see MinDiffAreaFileSize. 





WARNING 


Resizing the storage association may cause shadow copies to disappear. 





Syntax 


vssadmin resize shadowstorage /for=<ForVolumeSpec> /on=<OnVolumeSpec> [/maxsize=<MaxSizeSpec>] 


Parameters 

PARAMETER DESCRIPTION 

/for= <ForVolumeSpec> Specifies the volume for which the maximum amount of 
storage space is to be resized. 

/on= <OnVolumeSpec> Specifies the storage volume. 

[/maxsize= <MaxSizeSpec> ] Specifies the maximum amount of space that can be used for 
storing shadow copies. If no value is specified for /maxsize, 
there's no limit placed on the amount of storage space that 
can be used. 

The MaxSizeSpec value must be 1 MB or greater and 
must be expressed in one of the following units: KB, MB, 
GB, TB, PB, or EB. If no unit is specified, MaxSizeSpec 
uses bytes by default. 

Examples 


To resize shadow copy of volume C on volume D, with a maximum size of 900MB, type: 


vssadmin resize shadowstorage /For=C: /On=D: /MaxSize=900MB 


To resize shadow copy of volume C on volume D, with no maximum size, type: 


vssadmin resize shadowstorage /For=C: /On=D: /MaxSize=UNBOUNDED 


To resize shadow copy of volume C by 20%, type: 


vssadmin resize shadowstorage /For=C: /On=C: /MaxSize=20% 


Additional References 


e Command-Line Syntax Key 


@ vssadmin command 


waitfor 
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Sends or waits for a signal on a system. This command is used to synchronize computers across a network. 


Syntax 


waitfor [/s <computer> [/u [<domain>\]<user> [/p [<password>]]]] /si <signalname> 
waitfor [/t <timeout>] <signalname> 


Parameters 

PARAMETER DESCRIPTION 

/S <computer> Specifies the name or IP address of a remote computer (don't 
use backslashes). The default is the local computer. This 
parameter applies to all files and folders specified in the 
command. If you don't use this parameter, the signal is 
broadcast to all the systems in a domain. If you do use this 
parameter, the signal is sent only to the specified system. 

/U [<domain>]<user> Runs the script using the credentials of the specified user 
account. By default, waitfor uses the current user's 
credentials. 

/p [\<password>] Specifies the password of the user account that is specified in 
the /u parameter. 

/si Sends the specified signal across the network. This parameter 
also lets you manually activate a signal. 

/t <timeout> Specifies the number of seconds to wait for a signal. By 
default, waitfor waits indefinitely. 

<signalname> Specifies the signal that waitfor waits for or sends. This 
parameter isn't case-sensitive and can't exceed 225 characters. 
Valid characters include a-z, A-Z, 0-9, and the ASCII extended 
character set (128-255). 
P Displays help at the command prompt. 
Remarks 


e You can run multiple instances of waitfor on a single computer, but each instance of waitfor must wait for 


a different signal. Only one instance of waitfor can wait for a given signal on a given computer. 
e Computers can only receive signals if they are in the same domain as the computer sending the signal. 


e You can use this command when you test software builds. For example, the compiling computer can send a 
signal to several computers running waitfor after the compile has completed successfully. On receipt of the 
signal, the batch file that includes waitfor can instruct the computers to immediately start installing 
software or running tests on the compiled build. 


Examples 


To wait until the espresso|build007 signal is received, type: 
waitfor espresso\buildee7 


By default, waitfor waits indefinitely for a signal. 


To wait 70 seconds for the espresso\compile007 signal to be received before timing out, type: 
waitfor /t 10 espresso\buildee7 

To manually activate the espresso\bui/d007 signal, type: 
waitfor /si espresso\buildee7 


Additional References 


e Command-Line Syntax Key 


wbadmin 
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Enables you to back up and restore your operating system, volumes, files, folders, and applications from a 


command prompt. 


To configure a regularly scheduled backup using this command, you must be a member of the Administrators 


group. To perform all other tasks with this command, you must be a member of the Backup Operators group 


or the Administrators group, or you must have been delegated the appropriate permissions. 


You must run wbadmin from an elevated command prompt, by right-clicking Command Prompt, and then 


selecting Run as administrator. 


Parameters 


PARAMETER 


wbadmin delete catalog 


wbadmin delete systemstatebackup 
wbadmin disable backup 

wbadmin enable backup 

wbadmin get disks 

wbadmin get items 


wbadmin get status 


wbadmin get versions 


wbadmin restore catalog 


wbadmin start backup 


wbadmin start recovery 


wbadmin start sysrecovery 


DESCRIPTION 


Deletes the backup catalog on the local computer. Use this 
command only if the backup catalog on this computer is 
corrupted and you have no backups stored at another 
location that you can use to restore the catalog. 


Deletes one or more system state backups. 


Disables your daily backups. 


Configures and enables a regularly scheduled backup. 


Lists disks that are currently online. 


Lists the items included in a backup. 


Shows the status of the currently running backup or 
recovery operation. 


Lists details of backups recoverable from the local computer 
or, if another location is specified, from another computer. 


Recovers a backup catalog from a specified storage location 
in the case where the backup catalog on the local computer 
has been corrupted. 


Runs a one-time backup. If used with no parameters, uses 
the settings from the daily backup schedule. 


Runs a recovery of the volumes, applications, files, or folders 
specified. 


Runs a recovery of the full system (at least all the volumes 
that contain the operating system's state). This command is 
only available if you are using the Windows Recovery 
Environment. 


PARAMETER DESCRIPTION 


wbadmin start systemstatebackup Runs a system state backup. 
wbadmin start systemstaterecovery Runs a system state recovery. 
wbadmin stop job Stops the currently running backup or recovery operation. 


Additional References 


e Command-Line Syntax Key 
e Windows Server Backup Cmdlets in Windows PowerShell 


e Windows Recovery Environment (WinRE) 


wbadmin delete catalog 
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Deletes the backup catalog that is stored on the local computer. Use this command when the backup catalog has 
been corrupted and you can't restore it using the wbadmin restore catalog command. 


To delete a backup catalog using this command, you must be a member of the Backup Operators group or the 

Administrators group, or you must have been delegated the appropriate permissions. In addition, you must run 
wbadmin from an elevated command prompt, by right-clicking Command Prompt, and then selecting Run as 
administrator. 


Syntax 


wbadmin delete catalog [-quiet] 


Parameters 

PARAMETER DESCRIPTION 

-quiet Runs the command without prompts to the user. 
Remarks 


e If you delete the backup catalog of a computer, you'll no longer be able to get to any backups created for 
that computer using the Windows Server Backup snap-in. However, if you can get to another backup 
location and run the wbadmin restore catalog command, you can restore the backup catalog from that 
location. 


e We strongly recommend you create a new backup after you delete a backup catalog. 


Additional References 

e Command-Line Syntax Key 

e wbadmin command 

e wbadmin restore catalog command 


e Remove-WBCatalog 


wbadmin delete systemstatebackup 
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Deletes the system state backups that you specify. If the specified volume contains backups other than system 
state backups of your local server, those backups will not be deleted. 


To delete a system state backup using this command, you must be a member of the Backup Operators group or 
the Administrators group, or you must have been delegated the appropriate permissions. In addition, you must 
run wbadmin from an elevated command prompt, by right-clicking Command Prompt, and then selecting Run 
as administrator. 





NOTE 


Windows Server Backup does not back up or recover registry user hives (HKEY_CURRENT_USER) as part of system state 
backup or system state recovery. 





Syntax 


wbadmin delete systemstatebackup {-keepVersions:<numberofcopies> | -version:<versionidentifier> | - 
deleteoldest} [-backupTarget:<volumename>] [-machine:<backupmachinename>] [-quiet] 





IMPORTANT 


You must only specify one of these parameters: -keepVersions, -version, or -deleteOldest. 





Parameters 

PARAMETER DESCRIPTION 

-keepVersions Specifies the number of the latest system state backups to 
keep. The value must be a positive integer. The parameter 
value -keepversions:0 deletes all the system state backups. 

-version Specifies the version identifier of the backup in 
MM/DD/YYYY-HH:MM format. If you don't know the version 
identifier, run the wbadmin get versions command. 
Versions made up of exclusively system state backups can 
be deleted using this command. Run the wbadmin get 
items command to view the version type. 

-deleteOldest Deletes the oldest system state backup. 

-backupTarget Specifies the storage location for the backup that you want to 


delete. The storage location for disk backups can be a drive 
letter, a mount point, or a GUID-based volume path. This 
value only needs to be specified for locating backups that are 
not on the local computer. Information about backups for the 
local computer is available in the backup catalog on the local 
computer. 


PARAMETER DESCRIPTION 


-machine Specifies the computer whose system state backup you want 
to delete. Useful when multiple computers were backed up to 
the same location. Should be used when the -backupTarget 
parameter is specified. 


-quiet Runs the command without prompts to the user. 


Examples 


To delete the system state backup created on March 31, 2013 at 10:00 AM, type: 


wbadmin delete systemstatebackup -version: @3/31/2013-10:00 


To delete all system state backups, except the three most recent, type: 


wbadmin delete systemstatebackup -keepVersions:3 
To delete the oldest system state backup stored on disk f:, type: 


wbadmin delete systemstatebackup -backupTarget:f:\ -deleteOldest 


Additional References 


Command-Line Syntax Key 


wbadmin command 


wbadmin get versions command 


wbadmin get items command 


wbadmin disable backup 
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Stops running the existing scheduled daily backups. 


To disable a scheduled daily backup using this command, you must be a member of the Administrators group, or 
you must have been delegated the appropriate permissions. In addition, you must run wbadmin from an elevated 
command prompt, by right-clicking Command Prompt, and then selecting Run as administrator. 


Syntax 


wbadmin disable backup [-quiet] 


Parameters 
PARAMETER DESCRIPTION 
-quiet Runs the command without prompts to the user. 


Additional References 
e Command-Line Syntax Key 
e wbadmin command 


e wbadmin enable backup command 


wbadmin enable backup 
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Creates and enables a daily backup schedule or modifies an existing backup schedule. With no parameters 
specified, it displays the currently scheduled backup settings. 


To configure or modify a daily backup schedule using this command, you must be a member of the Backup 
Operators group or the Administrators group. In addition, you must run wbadmin from an elevated command 
prompt, by right-clicking Command Prompt, and then selecting Run as administrator. 


To view the disk identifier value for your disks, run the wbadmin get disks command. 


Syntax 


wbadmin enable backup [-addtarget:<BackupTarget>] [-removetarget:<BackupTarget>] [-schedule:<TimeToRunBackup> ] 
[-include:<VolumesToInclude>] [-nonRecurseInclude:<ItemsToInclude>] [-exclude:<ItemsToExclude>] [- 
nonRecurseExclude:<ItemsToExclude>][-systemState] [-hyperv:<HyperVComponentsToExclude>] [-allCritical] [- 
systemState] [-vssFull | -vssCopy] [-user:<UserName>] [-password:<Password>] [-allowDeleteOldBackups] [- 
quiet] 


Parameters 


PARAMETER DESCRIPTION 


-addtarget Specifies the storage location for backups. Requires you to 
specify the location as a disk, volume, or Universal Naming 
Convention (UNC) path to a remote shared folder ( 
\\<servername>\<sharename> ). By default, the backup will 
be saved at: 


\\<servername>\<sharename> WindowsImageBackup 
<ComputerBackedUp> 


. If you specify a disk, the disk will be formatted before use, 
and any existing data on it is permanently erased. If you 
specify a shared folder, you can't add more locations. You can 
only specify one shared folder as a storage location at a time. 


Important: If you save a backup to a remote shared 
folder, that backup is overwritten if you use the same 
folder to back up the same computer again. In addition, if 
the backup operation fails, you could end up with no 
backup because the older backup will be overwritten, but 
the newer backup won't be usable. You can avoid this by 
creating sub-folders in the remote shared folder to 
organize your backups. If you do this, the sub-folders 
need twice the space of the parent folder. 


Only one location can be specified in a single command. 
Multiple volume and disk backup storage locations can be 
added by running the command again. 


-removetarget Specifies the storage location that you want to remove from 
the existing backup schedule. Requires you to specify the 
location as a disk identifier. 


PARAMETER 


-schedule 


-include 


-nonRecurselnclude 


-exclude 


-nonRecurseExclude 


-hyperv 


-systemState 


DESCRIPTION 


Specifies times of day to create a backup, formatted as 
HH:MM and comma delimited. 


Specifies the comma-delimited list of items to include in the 
backup. You can include multiple files, folders, or volumes. 
Volume paths can be specified using volume drive letters, 
volume mount points, or GUID-based volume names. If you 
use a GUID-based volume name, it should end with a 
backslash ( \ ). You can use the wildcard character ( * ) in the 
file name when specifying a path to a file. 


Specifies the non-recursive, comma-delimited list of items to 
include in the backup. You can include multiple files, folders, or 
volumes. Volume paths can be specified using volume drive 
letters, volume mount points, or GUID-based volume names. 
If you use a GUID-based volume name, it should end with a 
backslash ( \ ). You can use the wildcard character ( * ) in the 
file name when specifying a path to a file. Should be used only 
when the -backupTarget parameter is used. 


Specifies the comma-delimited list of items to exclude from 
the backup. You can exclude files, folders, or volumes. Volume 
paths can be specified using volume drive letters, volume 
mount points, or GUID-based volume names. If you use a 
GUID-based volume name, it should end with a backslash ( 

\ ). You can use the wildcard character ( * ) in the file name 
when specifying a path to a file. 


Specifies the non-recursive, comma-delimited list of items to 
exclude from the backup. You can exclude files, folders, or 
volumes. Volume paths can be specified using volume drive 
letters, volume mount points, or GUID-based volume names. 
If you use a GUID-based volume name, it should end with a 
backslash ( \ ). You can use the wildcard character ( * ) in the 
file name when specifying a path to a file. 


Specifies the comma-delimited list of components to be 
included in backup. The identifier can be a component name 
or component GUID (with or without braces). 


Creates a backup that includes the system state in addition to 
any other items that you specified with the -include 
parameter. The system state contains boot files (Boot. ini, 
NDTLDR, NTDetect.com), the Windows Registry including 
COM settings, the SYSVOL (Group Policies and Logon 
Scripts), the Active Directory and NTDS.DIT on domain 
controllers and, if the certificates service is installed, the 
Certificate Store. If your server has the Web server role 
installed, the IIS Metadirectory will be included. If the server is 
part of a cluster, Cluster service information is also included. 


PARAMETER 


-allCritical 


-vssFull 


-vssCopy 


-user 


-password 
-allowDeleteOldBackups 
-quiet 


Examples 


DESCRIPTION 


Specifies that all critical volumes (volumes that contain 
operating system's state) be induded in the backups. This 
parameter is useful if you are creating a backup for full system 
or system state recovery. It should be used only when - 
backupTarget is specified; otherwise, the command fails. Can 
be used with the -include option. 


Tip: The target volume for a critical-volume backup can 
be a local drive, but it can't be any of the volumes that 
are included in the backup. 


Performs a full back up using the Volume Shadow Copy 
Service (VSS). All files are backed up, each file's history is 
updated to reflect that it was backed up, and the logs of 
previous backups may be truncated. If this parameter is not 
used, the wbadmin start backup command makes a copy 
backup, but the history of files being backed up is not 
updated. 


Caution: Don't use this parameter if you're using a 
product other than Windows Server Backup to back up 
apps that are on the volumes included in the current 
backup. Doing so can potentially break the incremental, 
differential, or other type of backups that the other 
backup product is creating because the history that they 
are relying on to determine how much data to backup 
might be missing and they might perform a full backup 
unnecessarily. 


Performs a copy backup using VSS. All files are backed up but 
the history of the files being backup up is not updated so you 
preserve the all the information on which files where changed, 
deleted, and so on, as well as any application log files. Using 
this type of backup does not affect the sequence of 
incremental and differential backups that might happen 
independent of this copy backup. This is the default value. 


Warning: A backup copy can't be used for incremental or 
differential backups or restores. 


Specifies the user with write permission to the backup storage 
destination (if it's a remote shared folder). The user needs to 
be a member of the Administrators or Backup Operators 
group on the computer getting backed up. 


Specifies the password for the user name provided by the 
parameter -user. 


Overwrites any backups made before the computer was 
upgraded. 


Runs the command without prompts to the user. 


To schedule daily backups at 9:00 AM and 6:00 PM for hard disk drives E:, D\mountpoint, and 
\\?\Volume{cc566d14-44a0-11d9-9d93-806e66e6963}\ , and to save the files to the disk named, DiskID, type: 


wbadmin enable backup -addtarget:DiskID -schedule:09:00,18:00 -include:E:,D:\mountpoint, \\?\Volume{cc566d14- 
44a0-11d9-9d93 -806e6f6e6963}\ 


To schedule daily backups of the D:\documents folder at 12:00 AM and 7:00 PM to the network location 
\\backupshare\backup1 , using the network credentials for the Backup Operator, Aaren Ekelund (aekel), who's 


password is $3hM9" 5/p and who is a member of the domain CONTOSOEAST, used to authenticate access to the 
network share, type: 


wbadmin enable backup -addtarget:\\backupshare\backup1 -include: D:\documents -user:CONTOSOEAST\aekel - 
password: $3hM9“5l1p -schedule:00:00,19:00 


To schedule daily backups of volume T: and the D:\documents folder at 1:00 AM to drive H:, excluding the folder 
d:\documents\~tmp , and performing a full backup using the Volume Shadow Copy Service, type: 


wbadmin enable backup -addtarget:H: -include T:,D:\documents -exclude D:\documents\~tmp -vssfull - 
schedule:01:00 


Additional References 


e Command-Line Syntax Key 

e wbadmin command 

e wbadmin enable backup command 
e wbadmin start backup command 


e wbadmin get disks command 


wbadmin get disks 
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Lists the internal and external disks that are currently online for the local computer. 


To list the online disks using this command, you must be a member of the Backup Operators group or the 
Administrators group, or you must have been delegated the appropriate permissions. In addition, you must run 


wbadmin from an elevated command prompt, by right-clicking Command Prompt, and then selecting Run as 
administrator. 


Syntax 


wbadmin get disks 


Additional References 
e Command-Line Syntax Key 
e wbadmin command 


e Get-WBDisk 


wbadmin get items 
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Lists the items included in a specific backup. 


To list the items included in a specific backup using this command, you must be a member of the Backup 
Operators group or the Administrators group, or you must have been delegated the appropriate permissions. 
In addition, you must run wbadmin from an elevated command prompt, by right-clicking Command Prompt, 
and then selecting Run as administrator. 


Syntax 


wbadmin get items -version:<VersionIdentifier> [-backupTarget:{<BackupDestinationVolume> | 
<NetworkSharePath>}] [-machine:<BackupMachineName> ] 


Parameters 


PARAMETER DESCRIPTION 


-version Specifies the version of the backup in MM/DD/YYYY-HH:MM 
format. If you don't know the version information, run the 
wbadmin get versions command. 


-backupTarget Specifies the storage location that contains the backups for 
which you want the details. Use for listing backups stored at 
that target location. Backup target locations can be a locally 
attached disk drive or a remote shared folder. If this 
command is run on the same computer where the backup 
was created, this parameter isn't needed. However, this 
parameter is required to get information about a backup 
created from another computer. 


-machine Specifies the name of the computer that you want the backup 
details for. Useful when multiple computers have been backed 
up to the same location. Should be used when - 
backupTarget is specified. 


Examples 
To list items from the backup that was run on March 31, 2013 at 9:00 A.M, type: 


wbadmin get items -version:03/31/2013-09:00 


To list items from the backup of server01 that was run on April 30, 2013 at 9:00 A.M. and stored on 


\\<servername>\<share> , type: 


wbadmin get items -version:04/30/2013-09:0@ -backupTarget:\\servername\share -machine:server@1 


Additional References 


Command-Line Syntax Key 
wbadmin command 
wbadmin get versions command 


Get-WBBackupSet 


wbadmin get status 
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Reports the status of the backup or recovery operation that is currently running. 


To get the status of the currently running backup or recovery operation using this command, you must be a 
member of the Backup Operators group or the Administrators group, or you must have been delegated the 
appropriate permissions. In addition, you must run wbadmin from an elevated command prompt, by right- 
clicking Command Prompt, and then selecting Run as administrator. 





IMPORTANT 


This command doesn't stop until the backup or recovery operation is finished. The command continues to run even if you 


close the command window. To stop the current backup or recovery operation, run the wbadmin stop job command. 





Syntax 


wbadmin get status 


Additional References 


e Command-Line Syntax Key 


wbadmin command 


wbadmin stop job command 


Get-WBJob 


wbadmin get versions 
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Lists details about the available backups that are stored on the local computer or another computer. The details 
provided for a backup include the backup time, the backup storage location, the version identifier, and the type of 


recoveries you can perform. 


To get details about available backups using this command, you must be a member of the Backup Operators 
group or the Administrators group, or you must have been delegated the appropriate permissions. In addition, 
you must run wbadmin from an elevated command prompt, by right-clicking Command Prompt, and then 
selecting Run as administrator. 


If this command is used without parameters, it lists all backups of the local computer, even if those backups are 
not available. 


Syntax 


wbadmin get versions [-backupTarget:{<BackupTargetLocation> | <NetworkSharePath>}] [- 
machine: BackupMachineName ] 


Parameters 


PARAMETER DESCRIPTION 


-backupTarget Specifies the storage location that contains the backups that 
you want the details for. Use for listing backups stored at 
that target location. Backup target locations can be locally 
attached disk drives, volumes, remote shared folders, 
removable media such as DVD drives or other optical media. 
If this command is run on the same computer where the 
backup was created, this parameter isn't needed. However, 
this parameter is required to get information about a backup 
created from another computer. 


-machine Specifies the computer that you want backup details for Use 
when backups of multiple computers are stored in the same 
location. Should be used when -backupTarget is specified. 


Examples 
To see a list of available backups that are stored on volume Hi; type: 
wbadmin get versions -backupTarget:H: 


To see a list of available backups that are stored in the remote shared folder \\<servername>\<share> for the 


computer server01, type: 


wbadmin get versions -backupTarget:\\servername\share -machine:server@1 


Additional References 
e Command-Line Syntax Key 
e wbadmin command 


e wbadmin get items command 


Get-WBBackupTarget 


wbadmin restore catalog 
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Recovers a backup catalog for the local computer from a storage location that you specify. 


To recover a backup catalog included in a specific backup using this command, you must be a member of the 
Backup Operators group or the Administrators group, or you must have been delegated the appropriate 
permissions. In addition, you must run wbadmin from an elevated command prompt, by right-clicking 
Command Prompt, and then selecting Run as administrator. 





NOTE 

If the location (disk, DVD, or remote shared folder) where you store your backups is damaged or lost and can't be used to 
restore the backup catalog, run the wbadmin delete catalog command to delete the corrupted catalog. In this case, we 
recommend creating a new backup after your backup catalog is deleted. 








Syntax 


wbadmin restore catalog -backupTarget:{<BackupDestinationVolume> | <NetworkShareHostingBackup>} [-machine: 
<BackupMachineName>] [-quiet] 


Parameters 

PARAMETER DESCRIPTION 

-backupTarget Specifies the location of the backup catalog of the system as 
it was at the point after the backup was created. 

-machine Specifies the name of the computer that you want to recover 
the backup catalog for. Use when backups for multiple 
computers have been stored at the same location. Should be 
used when -backupTarget is specified. 

-quiet Runs the command without prompts to the user. 

Examples 


To restore a catalog from a backup stored on disk D:, type: 
wbadmin restore catalog -backupTarget:D 

To restore a catalog from a backup stored in the shared folder \\<servername>\<share> of server01, type: 
wbadmin restore catalog -backupTarget:\\servername\share -machine:servere1 


Additional References 


e Command-Line Syntax Key 


e wbadmin command 
e wbadmin delete catalog command 


e Restore-WBCatalog 


wbadmin start backup 
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Creates a backup using specified parameters. If no parameters are specified and you have created a scheduled 
daily backup, this command creates the backup by using the settings for the scheduled backup. If parameters are 
specified, it creates a Volume Shadow Copy Service (VSS) copy backup and won't update the history of the files 
that are being backed up. 


To create a one-time backup using this command, you must be a member of the Backup Operators group or the 
Administrators group, or you must have been delegated the appropriate permissions. In addition, you must run 
wbadmin from an elevated command prompt, by right-clicking Command Prompt, and then selecting Run as 
administrator. 


Syntax 


wbadmin start backup [-backupTarget:{<BackupTargetLocation> | <TargetNetworkShare>}] [-include: 
<ItemsToInclude>] [-nonRecurseInclude:<ItemsToInclude>] [-exclude:<ItemsToExclude>] [-nonRecurseExclude: 
<ItemsToExclude>] [-allCritical] [-systemState] [-noVerify] [-user:<UserName>] [-password:<Password>] [- 
noInheritAcl] [-vssFull | -vssCopy] [-quiet] 


Parameters 


PARAMETER DESCRIPTION 


-backupTarget Specifies the storage location for this backup. Requires a hard 
disk drive letter (f:), a volume GUID-based path in the format 
of \\?\Volume{GUID} , or a Universal Naming Convention 
(UNC) path to a remote shared folder 

(\\<servername>\<sharename>\) . By default, the backup 
will be saved at: 


\\<servername>\<sharename>\WindowsImageBackup\ 
<ComputerBackedUp>\ 


-include Specifies the comma-delimited list of items to include in the 
backup. You can include multiple files, folders, or volumes. 
Volume paths can be specified using volume drive letters, 
volume mount points, or GUID-based volume names. If you 
use a GUID-based volume name, it should be terminated with 
a backslash ( \ ). You can use the wildcard character ( * ) in 
the file name when specifying a path to a file. The -include 
parameter should only be used in conjunction with the - 
backupTarget parameter. 


-exclude Specifies the comma-delimited list of items to exclude from 
the backup. You can exclude files, folders, or volumes. Volume 
paths can be specified using volume drive letters, volume 
mount points, or GUID-based volume names. If you use a 
GUID-based volume name, it should be terminated with a 
backslash ( \ ). You can use the wildcard character ( * ) in the 
file name when specifying a path to a file. The -exclude 
parameter should only be used in conjunction with the - 
backupTarget parameter. 


PARAMETER 


-nonRecurselnclude 


-nonRecurseExclude 


-allCritical 


-systemState 


-noVerify 


-user 


-password 


DESCRIPTION 


Specifies the non-recursive, comma-delimited list of items to 
include in the backup. You can include multiple files, folders, or 
volumes. Volume paths can be specified using volume drive 
letters, volume mount points, or GUID-based volume names. 
If you use a GUID-based volume name, it should be 
terminated with a backslash ( \ ). You can use the wildcard 
character ( * ) in the file name when specifying a path to a 
file. The -nonRecurselnclude parameter should only be 
used in conjunction with the -backupTarget parameter. 


Specifies the non-recursive, comma-delimited list of items to 
exclude from the backup. You can exclude files, folders, or 
volumes. Volume paths can be specified using volume drive 
letters, volume mount points, or GUID-based volume names. 
If you use a GUID-based volume name, it should be 
terminated with a backslash ( \ ). You can use the wildcard 
character ( * ) in the file name when specifying a path to a 
file. The -nonRecurseExclude parameter should only be 
used in conjunction with the -backupTarget parameter. 


Specifies that all critical volumes (volumes that contain 
operating system's state) be included in the backups. This 
parameter is useful if you're creating a backup for bare metal 
recovery. It should be used only when -backupTarget is 
specified, otherwise the command fails. Can be used with the 
-include option. 


Tip: The target volume for a critical-volume backup can 
be a local drive, but it Can't be any of the volumes that 
are included in the backup. 


Creates a backup that includes the system state in addition to 
any other items that you specified with the -include 
parameter. The system state contains boot files (Boot. ini, 
NDTLDR, NTDetect.com), the Windows Registry including 
COM settings, the SYSVOL (Group Policies and Logon 
Scripts), the Active Directory and NTDS.DIT on Domain 
Controllers and, if the certificates service is installed, the 
Certificate Store. If your server has the Web server role 
installed, the IIS Metadirectory will be included. If the server is 
part of a cluster, Cluster Service information will also be 
included. 


Specifies that backups saved to removable media (such as a 
DVD) are not verified for errors. If you do not use this 
parameter, backups saved to removable media are verified for 
errors. 


If the backup is saved to a remote shared folder, specifies the 
user name with write permission to the folder. 


Specifies the password for the user name that is provided by 
the parameter -user. 


PARAMETER 


-nolnheritAcd 


-vssFull 


-vssCopy 


-quiet 


Remarks 


DESCRIPTION 


Applies the access control list (ACL) permissions that 
correspond to the credentials provided by the -user and - 
password parameters to 


\\<servername>\<sharename>\WindowsImageBackup\ 
<ComputerBackedUp>\ 


(the folder that contains the backup). To access the backup 
later, you must use these credentials or be a member of the 
Administrators group or the Backup Operators group on the 
computer with the shared folder. If -nolnheritAcl is not 
used, the ACL permissions from the remote shared folder are 
applied to the \<ComputerBackedUp> folder by default so 
that anyone with access to the remote shared folder can 
access the backup. 


Performs a full back up using the Volume Shadow Copy 
Service (VSS). All files are backed up, each file's history is 
updated to reflect that it was backed up, and the logs of 
previous backups may be truncated. If this parameter isn't 
used, wbadmin start backup makes a copy backup, but 
the history of files being backed up is not updated. 


Caution: Don't use this parameter if you are using a 
product other than Windows Server Backup to back up 
apps that are on the volumes included in the current 
backup. Doing so can potentially break the incremental, 
differential, or other type of backups that the other 
backup product is creating because the history that they 
are relying on to determine how much data to backup 
might be missing and they might perform a full backup 
unnecessarily. 


Performs a copy backup using VSS. All files are backed up but 
the history of the files being backup up is not updated so you 
preserve the all the information on which files where changed, 
deleted, and so on, as well as any application log files. Using 
this type of backup does not affect the sequence of 
incremental and differential backups that might happen 
independent of this copy backup. This is the default value. 


Warning: A copy backup can't be used for incremental or 
differential backups or restores. 


Runs the command without prompts to the user. 


e If you save your backup to a remote shared folder, and then perform another backup to the same computer 


and the same remote shared folder, you will overwrite your previous backup. 


e If your backup operation fails, you can end up without a backup because the older backup is overwritten, 


but the newer backup isn't usable. To avoid this, we recommend creating subfolders in the remote shared 


folder to organize your backups. However, because of this organization, you must have twice the space 


available as the parent folder. 


Examples 


To create a backup of volumes e; d:\mountpoint, and \\?\Volume{cc566d14-4410-11d9-9d93-806e6f6e6963}\ to 


volume f; type: 


wbadmin start backup -backupTarget:f: -include:e:,d:\mountpoint, \\?\Volume{cc566d14-44a@-11d9-9d93- 
806e6F6e6963}\ 


To perform a one-time backup of f\fo/der7 and h:\folder2 to volume d; to backup the system state, and to make a 
copy backup so the normally scheduled differential backup isn't impacted, type: 


wbadmin start backup -backupTarget:d: -include:g\folderi,h:\folder2 -systemstate -vsscopy 


To perform a one-time, non-recursive backup of a:\fo/der7 to the \\backupshare\backup1* network location, and to 
restrict access to members of the Administrators or Backup Operators group, type: 


wbadmin start backup -backupTarget: \\backupshare\backup1 -noinheritacl -nonrecurseinclude:d:\folder1 


Additional References 


e Command-Line Syntax Key 


e wbadmin command 


wbadmin start recovery 
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Runs a recovery operation based on the parameters that you specify. 


To perform a recovery using this command, you must be a member of the Backup Operators group or the 
Administrators group, or you must have been delegated the appropriate permissions. In addition, you must run 
wbadmin from an elevated command prompt, by right-clicking Command Prompt, and then selecting Run as 
administrator. 


Syntax 


wbadmin start recovery -version:<VersionIdentifier> -items:{<VolumesToRecover> | <AppsToRecover> | 
<FilesOrFoldersToRecover>} -itemtype:{Volume | App | File} [-backupTarget:{<VolumeHostingBackup> | 
<NetworkShareHostingBackup>}] [-machine:<BackupMachineName>] [-recoveryTarget:{<TargetVolumeForRecovery> | 
<TargetPathForRecovery>}] [-recursive] [-overwrite:{Overwrite | CreateCopy | Skip}] [-notRestoreAcl] [- 
skipBadClusterCheck] [-noRollForward] [-quiet] 


Parameters 


PARAMETER DESCRIPTION 


-version Specifies the version identifier of the backup to recover in 
MM/DD/YYYY-HH:MM format. If you don't know the version 
identifier, run the wbadmin get versions command. 


-items Specifies a comma-delimited list of volumes, apps, files, or 
folders to recover. You must use this parameter with the - 
itemtype parameter. 


-itemtype Specifies type of items to recover. Must be Volume, App, or 
File. If the -itemtype is Volume you can specify only a single 
volume, by providing the volume drive letter, volume mount 
point, or GUID-based volume name. If the -itemtype is App, 
you can specify only a single application or you can use the 
value ADIFM to recover an installation of Active Directory. To 
be recovered, the app must have registered with Windows 
Server Backup. If the -itemtype is Fi/e you can specify files or 
folders, but they should be part of the same volume and they 
should be under the same parent folder. 


-backupTarget Specifies the storage location that contains the backup that 
you want to recover. This parameter is useful when the 
location is different from where backups of this computer are 
usually stored. 


-machine Specifies the name of the computer that you want to recover 
the backup for. This parameter must be used when the - 
backupTarget parameter is specified. The -machine 
parameter is useful when multiple computers have been 
backed up to the same location. 


PARAMETER 


-recovery Target 


-recursive 


-overwrite 


-notRestoreAcl 


-skipBadClusterCheck 


-noRollForward 


-quiet 


Remarks 


DESCRIPTION 


Specifies the location to restore to. This parameter is useful if 
this location is different than the location that was previously 
backed up. It can also be used for restorations of volumes, 
files, or apps. If you're restoring a volume, you can specify the 
volume drive letter of the alternate volume. If you're restoring 
a file or app, you can specify an alternate recovery location. 


Valid only when recovering files. Recovers the files in the 
folders and all files subordinate to the specified folders. By 
default, only files which reside directly in the specified folders 
are recovered. 


Valid only when recovering files. Specifies the action to take 
when a file that is being recovered already exists in the same 
location. The valid options are: 
e Skip - Causes Windows Server Backup to skip the 
existing file and continue with recovery of the next file. 
e CreateCopy - Causes Windows Server Backup to 
create a copy of the existing file so that the existing file 
is not modified. 
e Overwrite - Causes Windows Server Backup to 
overwrite the existing file with the file from the 
backup. 


Valid only when recovering files. Specifies to not restore the 
security access control lists (ACLs) of the files being recovered 
from the backup. By default, the security ACLs are restored 
(the default value is true). If this parameter is used, the ACLs 
for the restored files will be inherited from the location to 
which the files are being restored. 


Valid only when recovering volumes. Skips checking the disks 
you are recovering to for bad cluster information. If you are 
recovering to an alternate server or hardware, we recommend 
that you don't use this parameter. You can manually run the 
command chkdsk /b on these disks at any time to check 
them for bad clusters, and then update the file system 
information accordingly. 


Important: Until you run chkdsk /b, the bad clusters 
reported on your recovered system might not be 
accurate. 


Valid only when recovering apps. Allows for previous point-in- 
time recovery of an app if you select the latest version from 
the backups. Previous point-in-time recovery is done as the 
default for all other non-latest versions of the app. 


Runs the command without prompts to the user. 


e To view a list of items available to recover from a specific backup version, run the wbadmin get items 


command. If a volume didn't have a mount point or drive letter at the time of backup, then this command 


returns a GUID-based volume name that should be used for recovering the volume. 


e |f you use a value of ADIFM to perform an install from media operation to recover the related data needed 


for Active Directory Domain Services, ADIFM creates a copy of the Active Directory database, registry, and 


SYSVOL state, and then saves this information in the location specified by -recoveryTarget. Use this 
parameter only when -recoveryTarget is specified. 


Examples 


To run a recovery of the backup from March 31, 2020, taken at 9:00 A.M., of volume d; type: 
wbadmin start recovery -version:@3/31/2020-09:00 -itemType:Volume -items:d: 

To run a recovery to drive d of the backup from March 31, 2020, taken at 9:00 A.M., of the registry, type: 
wbadmin start recovery -version:@3/31/2020-09:00 -itemType:App -items:Registry -recoverytarget:d:\ 


To run a recovery of the backup from March 31, 2020, taken at 9:00 A.M., of the d:\folder and folders subordinate 
to d:\folder, type: 


wbadmin start recovery -version:@3/31/2020-09:00 -itemType:File -items:d:\folder -recursive 


To run a recovery of the backup from March 31, 2020, taken at 9:00 A.M., of the volume 
\\?\Volume{cc566d14-44a0-11d9-9d93-806e66e6963}\ , type: 


wbadmin start recovery -version:03/31/2020-09:00 -itemType:Volume -items:\\?\Volume{cc566d14-44a@-11d9-9d93- 
806e6F6e6963}\ 


To run a recovery of the backup from April 30, 2020, taken at 9:00 A.M., of the shared folder \\servername\share 
from server01, type: 


wbadmin start recovery -version:04/30/2020-09:00 -backupTarget:\\servername\share -machine:server@1 


Additional References 


e Command-Line Syntax Key 

e wbadmin command 

e Start-WBFileRecovery 

e Start-WBHyperVRecovery 

e Start-WBSystemStateRecovery 


e Start-WBVolumeRecovery 


wbadmin start sysrecovery 
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Performs a system recovery (bare metal recovery) using your specified parameters. 


To perform a system recovery using this command, you must be a member of the Backup Operators group or 
the Administrators group, or you must have been delegated the appropriate permissions. 





IMPORTANT 


The wbadmin start sysrecovery command must be run from the Windows Recovery Console, and isn't listed in the 


default usage text for the wbadmin tool. For more information, see Windows Recovery Environment (WinRE). 





Syntax 


wbadmin start sysrecovery -version:<VersionIdentifier> -backupTarget:{<BackupDestinationVolume> | 
<NetworkShareHostingBackup>} [-machine:<BackupMachineName>] [-restoreAllVolumes] [-recreateDisks] [- 
excludeDisks] [-skipBadClusterCheck] [-quiet] 


Parameters 


PARAMETER DESCRIPTION 


-version Specifies the version identifier of the backup to recover in 
MM/DD/YYYY-HH:MM format. If you don't know the version 
identifier, run the wbadmin get versions command. 


-backupTarget Specifies the storage location that contains the backup(s) you 
want to recover. This parameter is useful when the storage 
location is different from where backups of this computer are 
usually stored. 


-machine Specifies the name of the computer that you want to recover 
the backup for. This parameter must be used when the - 
backupTarget parameter is specified. The -machine 
parameter is useful when multiple computers have been 
backed up to the same location. 


-restoreAllVolumes Recovers all volumes from the selected backup. If this 
parameter is not specified, only critical volumes (volumes that 
contain the system state and operating system components) 
are recovered. This parameter is useful when you need to 
recover non-critical volumes during system recovery. 


-recreateDisks Recovers a disk configuration to the state that existed when 
the backup was created. 


Warning: This parameter deletes all data on volumes 


that host operating system components. It might also 
delete data from data volumes. 


PARAMETER 


-excludeDisks 


-skipBadClusterCheck 


-quiet 


Examples 


DESCRIPTION 


Valid only when specified with the -recreateDisks parameter 
and must be input as a comma-delimited list of disk identifiers 
(as listed in the output of the wbadmin get disks command). 
Excluded disks aren't partitioned or formatted. This parameter 
helps preserve data on disks that you don't want modified 
during the recovery operation. 


Valid only when recovering volumes. Skips checking the disks 
you are recovering to for bad cluster information. If you are 
recovering to an alternate server or hardware, we recommend 
that you don't use this parameter. You can manually run the 
command chkdsk /b on these disks at any time to check 
them for bad clusters, and then update the file system 
information accordingly. 


Important: Until you run chkdsk /b, the bad clusters 
reported on your recovered system might not be 
accurate. 


Runs the command without prompts to the user. 


To start recovering the information from the backup that was run on March 31, 2020 at 9:00 A.M., located on drive 


d; type: 


wbadmin start sysrecovery -version:03/31/2020-09:00 -backupTarget:d: 


To start recovering the information from the backup that was run on April 30, 2020 at 9:00 A.M., located in the 


shared folder \\servername\share for server01, type: 


wbadmin start sysrecovery -version:04/30/2020-09:00 -backupTarget:\\servername\share -machine:server@1 


Additional References 


e Command-Line Syntax Key 
e wbadmin command 


e Get-WBBareMetalRecovery 


wbadmin start systemstatebackup 
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Creates a system state backup of the local computer and stores it on the location specified. 


To perform a system state backup using this command, you must be a member of the Backup Operators group 
or the Administrators group, or you must have been delegated the appropriate permissions. In addition, you 
must run wbadmin from an elevated command prompt, by right-clicking Command Prompt, and then selecting 
Run as administrator. 





NOTE 


Windows Server Backup doesn't back up or recover registry user hives (HKEY_CURRENT_USER) as part of system state 
backup or system state recovery. 





Syntax 


wbadmin start systemstatebackup -backupTarget:<VolumeName> [-quiet] 


Parameters 
PARAMETER DESCRIPTION 
-backupTarget Specifies the location where you want to store the backup. 
The storage location requires a drive letter or a GUID-based 
volume of the format: \\?\Volume{*GUID*} . Use the 
command -backuptarget:\\servername\sharedfolder\ to 
store system state backups. 
-quiet Runs the command without prompts to the user. 
Examples 


To create a system state backup and store it on volume f, type: 


wbadmin start systemstatebackup -backupTarget:f: 


Additional References 
e Command-Line Syntax Key 
e wbadmin command 


e Start-WBBackup 


wbadmin start systemstaterecovery 
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Performs a system state recovery to a location and from a backup that you specify. 


To perform a system state recovery using this command, you must be a member of the Backup Operators group 
or the Administrators group, or you must have been delegated the appropriate permissions. In addition, you 
must run wbadmin from an elevated command prompt, by right-clicking Command Prompt, and then selecting 
Run as administrator. 





NOTE 
Windows Server Backup doesn't back up or recover registry user hives (HKEY_CURRENT_USER) as part of system state 


backup or system state recovery. 





Syntax 


wbadmin start systemstaterecovery -version:<VersionIdentifier> -showsummary [-backupTarget: 
{<BackupDestinationVolume> | <NetworkSharePath>}] 
[-machine:<BackupMachineName>] [-recoveryTarget:<TargetPathForRecovery>] [-authsysvol] [-autoReboot] [-quiet] 


Parameters 


PARAMETER DESCRIPTION 


-version Specifies the version identifier of the backup to recover in 
MM/DD/YYYY-HH:MM format. If you don't know the version 
identifier, run the wbadmin get versions command. 


-showsummary Reports the summary of the last system state recovery (after 
the restart required to finish the operation). This parameter 
can't be accompanied by any other parameters. 


-backupTarget Specifies the storage location with the backup(s) you want to 
recover. This parameter is useful when the storage location is 
different from where backups are usually stored. 


-machine Specifies the name of the computer to recover the backup for. 
This parameter must be used when the -backupTarget 
parameter is specified. The -machine parameter is useful 
when multiple computers have been backed up to the same 
location. 


-recoveryTarget Specifies what directory to restore to. This parameter is useful 
if the backup is restored to an alternate location. 


-authsysvol Performs an authoritative restore of the System Volume 
(sysvol) shared directory. 


PARAMETER DESCRIPTION 


-autoReboot Specifies to restart the system at the end of the system state 
recovery operation. This parameter is valid only for a recovery 
to the original location. We don't recommend you use this 
parameter if you need to perform steps after the recovery 
operation. 


-quiet Runs the command without prompts to the user. 
Examples 
To start a system state recovery of the backup from 03/31/2020 at 9:00 A.M., type: 


wbadmin start systemstaterecovery -version:03/31/2020-09:00 


To start a system state recovery of the backup from 04/30/2020 at 9:00 A.M. that is stored on the shared resource 
\\servername\share for server01, type: 


wbadmin start systemstaterecovery -version:04/30/2013-09:0@ -backupTarget:\\servername\share -machine:server@1 


Additional References 


e Command-Line Syntax Key 
e wbadmin command 


e Start-WBSystemStateRecovery 


wbadmin stop job 
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Cancels the backup or recovery operation that is currently running. 





IMPORTANT 


Canceled operations can't be restarted. You must run a canceled backup or a recovery operation from the beginning again. 





To stop a backup or recovery operation using this command, you must be a member of the Backup Operators 
group or the Administrators group, or you must have been delegated the appropriate permissions. In addition, 
you must run wbadmin from an elevated command prompt, by right-clicking Command Prompt, and then 
selecting Run as administrator. 


Syntax 


wbadmin stop job [-quiet] 


Parameters 
PARAMETER DESCRIPTION 
-quiet Runs the command without prompts to the user. 


Additional References 
e Command-Line Syntax Key 


e wbadmin command 


wdsutil 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 


Wdsutil is a command-line utility used for managing your Windows Deployment Services server. To run these 


commands, click start, right-click Command prompt, and click Run as administrator. 


Commands 


COMMAND 
wdsutil add command 
wdsutil approve-autoadddevices command 


wdsutil convert-riprepimage command 


wdsutil copy command 


wdsutil delete-autoadddevices command 


wdsutil disable command 


wdsutil disconnect-client command 


wdsutil enable command 
wdsutil export-image command 
wdsutil get command 


wdsutil initialize-server command 


wdsutil new command 


wdsutil progress command 


wdsutil reject-autoadddevices command 


wdsutil remove command 


DESCRIPTION 


Adds objects or prestages computers. 


Approves computers that are pending administrator approval. 


Converts an existing remote Installation Preparation (RIPrep) 
image to a Windows Image (.wim) file. 


Copies an image or a driver group. 


Deletes computers that are in the Auto-add database (which 
stores information about the computers on the server). 


Disables all services for Windows Deployment Services. 


Disconnects a client from a multicast transmission or 
namespace. 


Enables all services for Windows Deployment Services. 


Exports an image from the image store to a .wim file. 


Retrieves properties and attributes about the specified object. 


Configures a Windows Deployment Services server for initial 
use. 


creates new capture and discover images as well as multicast 
transmissions and namespaces. 


Displays the progress status while a command is being 
executed. 


Rejects computers that are pending administrator approval. 


removes objects. 


COMMAND 


wdsutil replace-image command 


wdsutil set command 


wdsutil start server command 


wdsutil stop server command 


wdsutil uninitialize-server command 


wdsutil update-serverfiles command 


wdsutil verbose command 


DESCRIPTION 


replaces a boot or installation image with a new version of 
that image. 


Sets properties and attributes on the specified object. 


starts all services on the Windows Deployment Services 
server, including multicast transmissions, namespaces, and the 
Transport Server. 


Stops all services on the Windows Deployment Services server. 


reverts changes made during server initialization. 


Updates server files on the remotelnstall share. 


Displays verbose output for the specified command. 


wdsutil add commands 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 


Parameters 


PARAMETER 

wdsutil add-device command 

wdsutil add-image command 

wdsutil add-imagegroup command 

wdsutil add-drivergrouppackage command 
wdsutil add-drivergrouppackages command 
wdsutil add-driverpackage command 


wdsutil add-imagedriverpackage command 


wdsutil add-imagedriverpackages command 


wdsutil add-alldriverpackages subcommand 
wdsutil add-drivergroup command 


wdsutil add-drivergroupfilter command 


Additional References 
e Command-Line Syntax Key 


e Windows Deployment Services cmdlets 


DESCRIPTION 


Pre-stages a computer in active directory. 


Adds boot or installation images. 


Adds an image group. 


Adds a driver package to a driver group. 


Adds driver packages to a driver group. 


Adds a driver package to the server. 


Adds a driver package that is in the driver store to an existing 
boot image on the server. 


Adds driver packages from the driver store to a boot image 
on the server. 


Adds driver packages from a folder to a server. 


Adds a driver group to a server. 


Adds a filter to a driver group on a server. 


wdsutil add-alldriverpackages 
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Adds all driver packages that are stored in a folder to a server. 


Syntax 


wdsutil /Add-AllDriverPackages /FolderPath:<folderpath> [/Server:<servername>] [/Architecture:{x86 | ia64 | 


x64)] [/DriverGroup:<groupname>] 


Parameters 


PARAMETER 


/FolderPath: <folderpath> 


[/Server: <servername> ] 


[/Architecture: {x86|ia64|x64} ] 


[/DriverGroup: <groupname> ] 


Examples 


To add driver packages, type either: 


DESCRIPTION 


Specifies the full path to the folder that contains the .inf files 
for the driver packages. 


Specifies the name of the server. This can be the NetBIOS 
name or the FQDN. If no server name is specified, the local 
server is used. 


Specifies the architecture type for the driver package. 


Specifies the name of the driver group to which the packages 
should be added. 


wdsutil /verbose /Add-AllDriverPackages /FolderPath:C:\Temp\Drivers /Architecture: x86 


wdsutil /Add-AllDriverPackages /FolderPath:C:\Temp\Drivers\Printers /DriverGroup:Printer Drivers 


Additional References 


e Command-Line Syntax Key 
e Windows Deployment Services cmdlets 


e@ Add-WdsDriverPackage 


wdsutil add-device 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Pre-stages a computer in Active Directory Domain Services (AD DS). Pre-staged computers are also called known 
computers. This allows you to configure properties to control the installation for the client. For example, you can 
configure the network boot program and the unattend file that the client should receive, as well as the server from 
which the client should download the network boot program. 


Syntax 


wdsutil /add-Device /Device:<Devicename> /ID:<UUID | MAC address> [/ReferralServer:<Servername> ] 
[/BootProgram:<Relativepath>] [/WdsClientUnattend:<Relativepath>] [/User:<Domain\User | User@Domain>] 
[/JoinRights:{JoinOnly | Full}] [/JoinDomain:{Yes | No}] [/BootImagepath:<Relativepath>] [/OU:<DN of OU>] 
[/Domain: <Domain> ] 


Parameters 


PARAMETER DESCRIPTION 


/Device: <Devicename> Specifies the name of the device to be added. 


/ID: <uUID|MAC address> Specifies either the GUID/UUID or the MAC address of the 
computer. A GUID/UUID must be in one of two formats: 
Binary string ( /ID: ACEFA3E81F20694E953EB2DAA1E8B1B6 ) or 
GUID string ( /ID: E8A3EFAC-201F -4E69-953E-B2DAA1E8B1B6 ). 
A MAC address must be in the following format: 
00B056882FDC (no dashes) or 0O0-BO-56-88-2F-DC 
(with dashes) 


[/ReferralServer: <Servername> ] Specifies the name of the server to be contacted to download 
the network boot program and the boot image by using 
Trivial File Transfer Protocol (tftp). 


[/BootProgram: <Relativepath> ] Specifies the relative path from the remotelnstall folder to 
the network boot program that this computer should receive. 
For example: boot\x86\pxeboot.com 


[/WdsClientUnattend: «Relativepath> ] Specifies the relative path from the remotelnstall folder to 
the unattended installation file that automates the installation 
screens of the Windows Deployment Services client. 


[/User: <Domain\User|User@Domain> ] Sets permissions on the computer account object to give the 
specified user the necessary rights to join the computer to the 
domain. 


PARAMETER 


(JoinRights: (Joinonly|Full) ] 


[/JoinDomain: {Yes |No} ] 


[/BootImagepath: <Relativepath> ] 


[/OU: <DN of OU> ] 


[/Domain: <Domain> ] 


Examples 


To add a computer by using a MAC address, type: 


DESCRIPTION 


Specifies the type of rights to be assigned to the user. 

e JoinOnly - Requires the administrator to reset the 
computer account before the user can join the 
computer to the domain. 

e Full - Gives full access to the user, which includes the 
right to join the computer to the domain. 


Specifies whether the computer should be joined to the 
domain as this computer account during operating system 
installation. The default value is Yes. 


Specifies the relative path from the remotelnstall folder to 
the boot image that this computer should use. 


The distinguished name of the organizational unit where the 
computer account object should be created. For example: 
OU=MyOU,CN=Test, DC=Domain,DC=com. The default 
location is the default computer's container. 


The domain where the computer account object should be 
created. The default location is the local domain. 


wdsutil /add-Device /Device:computer1 /ID:0@-B@-56-88-2F-DC 


To add a computer by using a GUID string, type: 


wdsutil /add-Device /Device:computer1 /ID:{E8A3EFAC-201F -4E69-953F -B2DAA1E8B1B6} /ReferralServer:WDSServer1 
/BootProgram: boot\x86\pxeboot.com/WDSClientUnattend:WDSClientUnattend\unattend. xml 
/User:Domain\MyUser/JoinRights:Full /BootImagepath: boot \x86\images\boot.wim 


/OU:0U=MyOU, CN=Test , DC=Domain, DC=com 


Additional References 


e Command-Line Syntax Key 

e wdsutil get-alldevices command 

e wdsutil get-device command 

e wdsutil set-device command 

e Windows Deployment Services cmdlets 


e New-WdsClient 


wdsutil add-drivergroup 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Adds a driver group to the server. 


Syntax 


wdsutil /add-DriverGroup /DriverGroup:<Groupname>\n\ [/Server:<Servername>] [/Enabled:{Yes | No}] 
[/Applicability:{Matched | All}] [/Filtertype:<Filtertype> /Policy:{Include | Exclude} /Value:<Value> [/Value: 
<Value> ...]] 


Parameters 

PARAMETER DESCRIPTION 

/DriverGroup: <Groupname> Specifies the name of the new driver group. 

/Server: <Servername> Specifies the name of the server. This can be the NetBIOS 
name or the FQDN. If no server name is specified, the local 
server is used. 

/Enabled: {Yes |No} Enables or disables the package. 

/Applicability: {Matched |A11} Specifies which packages to install if the filter criteria are met. 
Matched means install only the driver packages that match a 
client s hardware. All means install all the packages to clients 
regardless of their hardware. 

/Filtertype: <Filtertype> Specifies the type of the filter to add to the group. You can 
specify multiple filter types in a single command. Each filter 
type must be followed by /Policy and at least one /Value. 
Valid values include: 
© BiosVendor 
e Biosversion 
& Chassistype 
e Manufacturer 
e Uuid 
e Osversion 
e Osedition 
e OsLanguage 
For information about getting values for all other filter types, 
see Driver Group Filters. 

[/Policy: {Include| exclude} ] Specifies the policy to be set on the filter. If /Policy is set to 


Include, client computers that match the filter are allowed to 
install the drivers in this group. If /Policy is set to Exclude, 
then client computers that match the filter are not allowed to 
install the drivers in this group. 


PARAMETER DESCRIPTION 


[/Value: <value> ] Specifies the client value that corresponds to /Filtertype. You 
can specify multiple values for a single type. For information 
about acceptable filter type values, see Driver Group Filters. 


Examples 


To add a driver group, type either: 


wdsutil /add-DriverGroup /DriverGroup:printerdrivers /Enabled:Yes 


wdsutil /add-DriverGroup /DriverGroup:printerdrivers /Applicability:All /Filtertype:Manufacturer 
/Policy:Include /Value:Namel /Filtertype:Chassistype /Policy:Exclude /Value:Tower /Value:MiniTower 


Additional References 


e Command-Line Syntax Key 

e wdsutil add-drivergrouppackage command 
e wdsutil add-drivergrouppackages command 
e wdsutil add-drivergroupfilter command 


e Windows Deployment Services cmdlets 


add-DriverGroupFilter 
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Adds a filter to a driver group on a server. 


Syntax 


wdsutil /Add-DriverGroupFilter /DriverGroup:<Group Name> [/Server:<Server name>] /FilterType:<Filter Type> 
/Policy:{Include | Exclude} /Value:<Value> [/Value:<Value> ...] 


Parameters 

PARAMETER DESCRIPTION 

/DriverGroup: <Groupname> Specifies the name of the new driver group. 

/Server: <Servername> Specifies the name of the server. This can be the NetBIOS 
name or the FQDN. If no server name is specified, the local 
server is used. 

/Filtertype: <Filtertype> Specifies the type of the filter to add to the group. You can 
specify multiple filter types in a single command. Each filter 
type must be followed by /Policy and at least one /Value. 
Valid values include: 
© BiosVendor 
e Biosversion 
© Chassistype 
e Manufacturer 
e Uuid 
* Osversion 
e Osedition 
e OsLanguage 
For information about getting values for all other filter types, 
see Driver Group Filters. 

[/Policy: {Include|Exclude} ] Specifies the policy to be set on the filter. If /Policy is set to 
Include, client computers that match the filter are allowed to 
install the drivers in this group. If /Policy is set to Exclude, 
then client computers that match the filter are not allowed to 
install the drivers in this group. 

[/Value: <value> ] Specifies the client value that corresponds to /Filtertype. You 
can specify multiple values for a single type. For information 
about acceptable filter type values, see Driver Group Filters. 

Examples 


To add a filter to a driver group, type either: 


wdsutil /Add-DriverGroupFilter /DriverGroup:PrinterDrivers /FilterType:Manufacturer /Policy:Include 
/Value:Name1 /Value:Name2 


wdsutil /Add-DriverGroupFilter /DriverGroup:PrinterDrivers /FilterType:Manufacturer /Policy: Include 
/Value:Name1 /FilterType:ChassisType /Policy:Exclude /Value:Tower /Value:MiniTower 


Additional References 


e Command-Line Syntax Key 


wdsutil add-drivergrouppackage command 


wdsutil add-drivergrouppackages command 


wdsutil add-drivergroup command 


Windows Deployment Services cmdlets 


wdsutil add-drivergrouppackage 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Adds a driver package to a driver group. 


Syntax 


wdsutil /add-DriverGroupPackage /DriverGroup:<Group Name> [/Server:<Server Name>] (/DriverPackage:<Name> | 
/PackageId:<ID>) 


Parameters 

PARAMETER DESCRIPTION 

/DriverGroup: <Groupname> Specifies the name of the new driver group. 

/Server: <Servername> Specifies the name of the server. This can be the NetBIOS 
name or the FQDN. If no server name is specified, the local 
server is used. 

/DriverPackage: <Name> Specifies the name of the driver package to be added to the 
group. You must specify this option if the driver package 
cannot be uniquely identified by name. 

/Packageld: <1D> Specifies the ID for a package. To find the Package ID, select 
the driver group that the package is in (or the All Packages 
node), right-click the package, and then select Properties. 
The Package ID is listed on the General tab, for example: 
{DD098D20-1850-4fc8-8E35-EA24A1BEFF5E}. 

Examples 


To add a driver group package, type either: 


wdsutil /add-DriverGroupPackage /DriverGroup:printerdrivers /Packageld: {4D36E972-E325-11CE-Bfc1-08002BE10318} 


wdsutil /add-DriverGroupPackage /DriverGroup:printerdrivers /DriverPackage: XYZ 


Additional References 


e Command-Line Syntax Key 
e wdsutil add-drivergroupfilter command 


e wdsutil add-drivergrouppackages command 


e wdsutil add-drivergroup command 


e Windows Deployment Services cmdlets 


wdsutil add-drivergrouppackages 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Adds driver group packages. 


Syntax 


wdsutil /add-DriverGroupPackages /DriverGroup:<Group Name> [/Server:<Server Name>] /Filtertype:<Filter type> 
/Operator:{Equal | NotEqual | GreaterOrEqual | LessOrEqual | Contains} /Value:<Value> [/Value:<Value>] 


Parameters 

PARAMETER DESCRIPTION 

/DriverGroup: <Groupname> Specifies the name of the new driver group. 

/Server: <Servername> Specifies the name of the server. This can be the NetBIOS 
name or the FQDN. If no server name is specified, the local 
server is used. 

/Filtertype: <Filtertype> Specifies the type of the driver package to search for. You can 


specify multiple attributes in a single command. You must also 
specify /Operator and /Value with this option. Valid values 
include: 

e Packageld 

* PackageName 

@ PackageEnabled 

e@ Packagedateadded 

e PackagelnfFilename 

e PackageClass 


PackageProvider 


© PackageArchitecture 
© PackageLocale 

e PackageSigned 

© PackagedatePublished 
e Packageversion 

e Driverdescription 

@ DriverManufacturer 
© DriverHardwareld 
e Drivercompatibleld 
e DriverExcludeld 

e DriverGroupld 

e DriverGroupName** 


PARAMETER DESCRIPTION 


/Operator: Specifies the relationship between the attribute and the 
{Equal |NotEqual|GreaterOrEqual|LessOrEqual|Contains} values. You can only specify Contains with string attributes. 
You can only specify Equal, NotEqual, GreaterOrEqual and 
LessOrEqual with date and version attributes. 


/Nalue: <Value> Specifies the client value corresponding to /Filtertype. You 
can specify multiple values for a single /Filtertype. The 
available values for each filter are: 

e Packageld - Specify a valid GUID. For example: 
(4d36e972-e325-11ce-bfc1-08002be10318) 

e PackageName - Specify any string value 

e PackageEnabled - Specify Yes or No 

© Packagedateadded - Specify the date in the 
following format: YYYY/MM/DD 

e PackagelnfFilename - Specify any string value 

e@ PackageClass - Specify a valid class name or class 
GUID. For example: DiskDrive, Net, or {4d36e972- 
e325-11ce-bfc1-08002be10318) 

e PackageProvider - Specify any string value 

e@ PackageArchitecture - Specify x86, x64, or ia64 

e PackageLocale - Specify a valid language identifier. 
For example: en-US or es-ES 

e PackageSigned - Specify Yes or No 

e PackagedatePublished - Specify the date in the 
following format: YYYY/MM/DD 

e Packageversion - Specify the version in the following 
format: a.b.x.y. For example: 6.1.0.0 

e Driverdescription - Specify any string value 

e DriverManufacturer - Specify any string value 

e DriverHardwareld - Specify any string value 

e Drivercompatibleld - Specify any string value 

e DriverExcludeld - Specify any string value 

e DriverGroupld - Specify a valid GUID. For example: 
(4d36e972-e325-11ce-bfc1-08002be10318) 

e DriverGroupName - Specify any string value 


For more information about these values, see Driver and 
Package attributes. 


Examples 


To add a driver group package, type either: 


wdsutil /verbose /add-DriverGroupPackages /DriverGroup:printerdrivers /Filtertype:PackageClass /Operator:Equal 
/Value:printer /Filtertype:DriverManufacturer /Operator:NotEqual /Value:Name1 /Value:Name2 


wdsutil /verbose /add-DriverGroupPackages /DriverGroup:DisplayDriversX86 /Filtertype:PackageClass 
/Operator:Equal /Value:Display /Filtertype:PackageArchitecture /Operator:Equal /Value: x86 
/Filtertype:Packagedateadded /Operator:LessOrEqual /Value: 2008/01/01 


Additional References 


e Command-Line Syntax Key 


e wdsutil add-driverpackage command 


e wdsutil add-drivergrouppackage command 
e wdsutil add-alldriverpackages command 


e Windows Deployment Services cmdlets 


add-DriverPackage 
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Adds a driver package to the server. 


Syntax 


wdsutil /Add-DriverPackage /InfFile:<Inf File path> [/Server:<Server name>] [/Architecture:{x86 | ia64 | x64}] 
[/DriverGroup:<Group Name>] [/Name:<Friendly Name>] 


Parameters 

PARAMETER DESCRIPTION 

/InfFile: <InfFilepath> Specifies the full path of the .inf file to add. 

[/Server: <Servername> ] Specifies the name of the server. This can be the NetBIOS 
name or the FQDN. If no server name is specified, the local 
server is used. 

[/Architecture: {x86 | ia64 | x64} ] Specifies the architecture type for the driver package. 

[/DriverGroup: <groupname> ] Specifies the name of the driver group to which the packages 
should be added. 

[/Name: <friendlyname> ] Specifies the friendly name for the driver package. 

Examples 


To add a driver package, type either: 


wdsutil /verbose /Add-DriverPackage /InfFile:C:\Temp\Display. inf 


wdsutil /Add-DriverPackage /Server:MyWDSServer /InfFile:C:\Temp\Display.inf /Architecture: x86 
/DriverGroup:x86Drivers /Name:Display Driver 


Additional References 


e Command-Line Syntax Key 


wdsutil add-drivergrouppackage command 


wdsutil add-alldriverpackages command 


Windows Deployment Services cmdlets 


wdsutil add-image 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Adds images to a Windows Deployment Services server. 


Syntax 


For boot images, use the following syntax: 


wdsutil /add-Image imageFile:<wim file path> [/Server:<Server name> imagetype:Boot [/Skipverify] [/Name: 
<Image name>] [/Description:<Image description>] [/Filename:<New wim file name>] 


For install images, use the following syntax: 


wdsutil /add-Image imageFile:<wim filepath> [/Server:<Servername>] imagetype:Install [/Skipverify] 
imageGroup:<Image group name>] [/SingleImage:<Single image name>] [/Name:<Name>] [/Description:<Description>] 
[/Filename:<File name>] [/UnattendFile:<Unattend file path>] 


Parameters 

PARAMETER DESCRIPTION 

imageFile: <.wim filepath> Specifies the full path and file name of the Windows Image 
(wim) file that contains the images to be added. 

[/Server: <Servername> ] Specifies the name of the server. This can be either the 
NetBIOS name or the fully qualified domain name (FQDN). If 
a server name is not specified, the local server is used. 

imagetype: {Boot | Install} Specifies the type of images to be added. 

[/Skipverify] Specifies that integrity verification will not be performed on 
the source image file before the image is added. 

[/Name: <Name> ] Sets the display name of the image. 

[/Description: <Description> ] Sets the description of the image. 

[/Filename: <Filename> ] Specifies the new file name for the .wim file. This enables you 


to change the filename of the .wim file when adding the 
image. If you don't specify a filename, the source image 
filename is used. In all cases, Windows Deployment Services 
checks to determine whether the file name is unique in the 
boot image store of the destination computer. 


PARAMETER 


\imageGroup: <Imagegroupname> ] 


[/Singlelmage: <Singleimagename> ] [/Name: <Name> ] 
[/Description: <Description> ] 


[/UnattendFile: <unattendfilepath> ] 


Examples 


To add a boot image, type: 


DESCRIPTION 


Specifies the name of the image group in which the images 
are to be added. If more than one image group exists on the 
server, the image group must be specified. If you don't specify 
the image group, and an image group doesn't already exist, a 
new image group is created. Otherwise, the existing image 
group is used. 


Copies the specified single image out of a .wim file, and sets 
the image's display name and description. 


Specifies the full path to the unattended installation file to be 
associated with the images that are being added. If 
/Singlelmage isn't specified, the same unattend file is 
associated with all of the images in the .wim file. 


wdsutil /add-Image imageFile:C:\MyFolder\Boot.wim imagetype:Boot 
wdsutil /verbose /Progress /add-Image imageFile:\\MyServer\Share\Boot.wim /Server:MyWDSServer imagetype:Boot 
/Name:My WinPE Image /Description:WinPE Image containing the WDS Client /Filename:WDSBoot.wim 


To add an install image, type one of the following: 


wdsutil /add-Image imageFile:C:\MyFolder\Install.wim imagetype:Install 
wdsutil /verbose /Progress /add-Image imageFile:\\MyServer\Share \Install.wim /Server:MyWDSServer 


imagetype:Instal imageGroup: ImageGroup1 


/SingleImage:Windows Pro /Name:My WDS Image /Description:Windows Pro image with Microsoft Office 


/Filename:Win Pro.wim /UnattendFile:\\server\share\unattend. xml 


Additional References 


Command-Line Syntax Key 
wdsutil copy-image command 
wdsutil export-image command 
wdsutil get-image command 
wdsutil remove-image command 
wdsutil replace-image command 
wdsutil set-image command 


Windows Deployment Services cmdlets 


wdsutil add-imagedriverpackage 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Adds a driver package that is in the driver store to an existing boot image on the server. 


Syntax 


wdsutil /add-ImageDriverPackage [/Server:<Servername>] [media:<Imagename>] [mediatype:Boot] [/Architecture: 
{x86 | ia64 | x64}] [/Filename:<Filename>] {/DriverPackage:<Package Name> | /PackageId:<ID>} 


Parameters 

PARAMETER DESCRIPTION 

[/Server: <Servername> ] Specifies the name of the server. This can be either the 
NetBIOS name or the fully qualified domain name (FQDN). If a 
server name is not specified, the local server is used. 

[media: <Imagename> ] Specifies the name of the image to add the driver to. 

[mediatype:Boot] Specifies the type of image to add the driver to. Driver 
packages can only be added to boot images. 

[/Architecture: (x86 | ia64 | x64) ] Specifies the architecture of the boot image. Because it's 
possible to have the same image name for boot images in 
different architectures, you should specify the architecture to 
ensure the correct image is used. 

[/Filename: <Filename> ] Specifies the name of the file. If the image cannot be uniquely 
identified by name, the file name must be specified. 

[/DriverPackage: <Name> Specifies the name of the driver package to add to the image. 

[/Packageld: <1D> ] Specifies the Windows Deployment Services ID of the driver 
package. You must specify this option if the driver package 
can't be uniquely identified by name. To find the Package ID, 
select the driver group that the package is in (or the All 
Packages node), right-click the package, and then select 
Properties. The Package ID is listed on the General tab. For 
example: {DD098D20-1850-4fc8-8E35-EA24A1 BEFF5E}. 

Examples 


To add a driver package to a boot image, type either: 


wdsutil /add-ImageDriverPackagmedia:WinPE Boot Imagemediatype:Boot /Architecture:x86 /DriverPackage: XYZ 


wdsutil /verbose /add-ImageDriverPackagmedia:WinPE Boot Image /Server:MyWDSServemediatype:Boot 
/Architecture:x64 /Packageld: {4D36E972-E325-11CE-Bfc1-08002BE10318} 


Additional References 


e Command-Line Syntax Key 
e wdsutil add-imagedriverpackages command 


e Windows Deployment Services cmdlets 


wdsutil add-imagedriverpackages 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Adds driver packages from the driver store to a boot image. 


Syntax 


wdsutil /add-ImageDriverPackages [/Server:<Server name>media:<Image namemediatype:Boot /Architecture:(x86 | 
ia64 | x64) [/Filename:<File name>] /Filtertype:<Filter type> /Operator:(Equal | NotEqual | GreaterorEqual | 
LessOrEqual | Contains} /Value:<Value> [/Value:<Value> ...] 


Parameters 

PARAMETER DESCRIPTION 

[/Server: <Servername> ] Specifies the name of the server. This can be either the 
NetBIOS name or the fully qualified domain name (FQDN). If a 
server name is not specified, the local server is used. 

[media: <Imagename> ] Specifies the name of the image to add the driver to. 

[mediatype:Boot] Specifies the type of image to add the driver to. Driver 
packages can only be added to boot images. 

[/Architecture: {x86 | ia64 | x64} ] Specifies the architecture of the boot image. Because it's 
possible to have the same image name for boot images in 
different architectures, you should specify the architecture to 
ensure the correct image is used. 

[/Filename: <Filename> ] Specifies the name of the file. If the image cannot be uniquely 


identified by name, the file name must be specified. 


PARAMETER 


/Filtertype: <Filtertype> 


/Operator: 


{Equal|NotEqual|GreaterOrEqual|LessOrEqual|Contains} 


DESCRIPTION 


Specifies the attribute of the driver package to search for. You 
can specify multiple attributes in a single command. You must 
also specify /Operator and /Value with this option. Valid 
values include: 


* Packageld 

e PackageName 

e@ PackageEnabled 

e Packagedateadded 
e@ PackagelnfFilename 
e PackageClass 


PackageProvider 


e@ PackageArchitecture 
e@ PackageLocale 

* PackageSigned 

* PackagedatePublished 
* Packageversion 

© Driverdescription 

@ DriverManufacturer 
@ DriverHardwareld 

© Drivercompatibleld 
@ DriverExcludeld 

© DriverGroupld 

*e DriverGroupName** 


Specifies the relationship between the attribute and the 
values. You can only specify Contains with string attributes. 
You can only specify GreaterOrEqual and LessOrEqual 
with date and version attributes. 


PARAMETER 


/Nalue: <Value> 


Examples 


DESCRIPTION 


Specifies the value to search for relative to the specified 
<attribute> . You can specify multiple values for a single 


/Filtertype. The available values for each filter are: 


Packageld - Specify a valid GUID. For example: 
(4d36e972-e325-11ce-bfc1-08002be10318) 
PackageName - Specify any string value 
PackageEnabled - Specify Yes or No 
Packagedateadded - Specify the date in the 
following format: YYYY/MM/DD 
PackagelnfFilename - Specify any string value 
PackageClass - Specify a valid class name or class 
GUID. For example: DiskDrive, Net, or (4d36e972- 
e325-11ce-bfc1-08002be10318) 
PackageProvider - Specify any string value 
PackageArchitecture - Specify x86, x64, or ia64 
PackageLocale - Specify a valid language identifier. 
For example: en-US or es-ES 

PackageSigned - Specify Yes or No 
PackagedatePublished - Specify the date in the 
following format: YYYY/MM/DD 

Packageversion - Specify the version in the following 
format: a.b.x.y. For example: 6.1.0.0 
Driverdescription - Specify any string value 
DriverManufacturer - Specify any string value 
DriverHardwareld - Specify any string value 
Drivercompatibleld - Specify any string value 
DriverExcludeld - Specify any string value 
DriverGroupld - Specify a valid GUID. For example: 
(4d36e972-e325-11ce-bfc1-08002be10318) 
DriverGroupName - Specify any string value 


For more information about these values, see Driver and 
Package attributes. 


To add driver packages to a boot image, type one of the following: 


wdsutil /add-ImageDriverPackagemedia:WinPE Boot Imagemediatype:Boot /Architecture:x86 


/Filtertype:DriverGroupName /Operator:Equal /Value:x86Bus /Filtertype:PackageProvider /Operator:Contains 


/Value:Provider1 /Filtertype:Packageversion /Operator:GreaterOrEqual /Value:6.1.0.0 


wdsutil /verbose /add-ImageDriverPackagemedia: WinPE Boot Image /Server:MyWDSServemediatype: Boot 


/Architecture:x64 /Filtertype:PackageClass /Operator:Equal /Value:Net /Filtertype:DriverManufacturer 


/Operator:NotEqual /Value:Name1 /Value:Name2 /Filtertype:Packagedateadded /Operator:LessOrEqual 


/Value: 2008/01/01 


wdsutil /verbose /add-ImageDriverPackagemedia:WinPE Boot Image /Server:MyWDSServemediatype: Boot 


/Architecture:x64 /Filtertype:PackageClass /Operator:Equal /Value:Net /Value:System /Value:DiskDrive 


/Value:HDC /Value:SCSIAdapter 


Additional References 


e Command-Line Syntax Key 


wdsutil add-imagedriverpackage command 


wdsutil add-alldriverpackages command 


Windows Deployment Services cmdlets 


wdsutil add-imagegroup 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Adds an image group to a Windows Deployment Services ser ver. 


Syntax 


wdsutil [Options] /add-ImageGroup imageGroup:<Imagegroupname> [/Server:<Server name>] 


Parameters 

PARAMETER DESCRIPTION 

imageGroup: <Imagegroupname> ] Specifies the name of the image to be added. 

[/Server: <Servername> ] Specifies the name of the server. This can be either the 
NetBIOS name or the fully qualified domain name (FQDN). If a 
server name is not specified, the local server is used. 

Examples 


To add an image group, type either: 


wdsutil /add-ImageGroup imageGroup:ImageGroup2 


wdsutil /verbose /add-Imagegroup imageGroup:My Image Group /Server:MyWDSServer 


Additional References 

e Command-Line Syntax Key 

e wdsutil get-allimagegroups command 
e wdsutil get-imagegroup command 

e wdsutil remove-imagegroup command 
e wdsutil setimagegroup command 


e Windows Deployment Services cmdlets 


wasutil approve-autoadddevices 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Approves computers that are pending administrative approval. When the Auto-add policy is enabled, 
administrative approval is required before unknown computers (those that are not pre-staged) can install an 
image. You can enable this policy using the PXE Response tab of the server s properties page. 


Syntax 


wdsutil [Options] /Approve-AutoaddDevices [/Server:<Server name>] /RequestId:{<Request ID>| ALL} 
[/MachineName:<Device name>] [/OU:<DN of OU>] [/User:<Domain\User | User@Domain>] [/JoinRights:{JoinOnly | 
Full}] [/JoinDomain:{Yes | No}] [/ReferralServer:<Server name>] [/BootProgram:<Relative path>] 
[/WdsClientUnattend:<Relative path>] [/BootImagepath:<Relative path>] 


Parameters 


PARAMETER DESCRIPTION 


/Server: <Servername> Specifies the name of the server. This can be the NetBIOS 
name or the FQDN. If no server name is specified, the local 
server is used. 


/Requestld: {Request ID|ALL} Specifies the request ID assigned to the pending computer. 
Specify ALL to approve all pending computers. 


/Machinename: <Devicename> Specifies the name of the device to be added. You can't use 
this option when approving all computers. 


[/OU: <DN of OU> ] The distinguished name of the organizational unit where the 
computer account object should be created. For example: 
OU=MyOU,CN=Test, DC=Domain,DC=com. The default 
location is the default computer's container. 


[/User: <Domain\User|User@Domain> ] Sets permissions on the computer account object to give the 
specified user the necessary rights to join the computer to the 
domain. 


(JoinRights: {Joinonly|Full} ] Specifies the type of rights to be assigned to the user. 

e JoinOnly - Requires the administrator to reset the 
computer account before the user can join the 
computer to the domain. 

e Full - Gives full access to the user, which includes the 
right to join the computer to the domain. 


[/JoinDomain: (Yes |No) ] Specifies whether the computer should be joined to the 
domain as this computer account during operating system 
installation. The default value is Yes. 


PARAMETER DESCRIPTION 


[/ReferralServer: <Servername> ] Specifies the name of the server to contact to download the 
network boot program and boot image by using Trivial File 
Transfer Protocol (tftp). 


[/BootProgram: <Relativepath> ] Specifies the relative path from the remotelnstall folder to 
the network boot program that this computer should receive. 
For example: boot\x86\pxeboot.com. 


[WdsClientUnattend: <Relativepath> ] Specifies the relative path from the remotelnstall folder to 
the unattend file that automates the Windows Deployment 
Services client. 


[/BootImagepath: <Relativepath> ] Specifies the relative path from the remotelnstall folder to the 
boot image that this computer should receive. 


Examples 


To approve the computer with a Requestld of 12, type: 


wdsutil /Approve-AutoaddDevices /RequestId:12 


To approve the computer with a RequestID of 20 and to deploy the image with the specified settings, type: 


wdsutil /Approve-AutoaddDevices /RequestId:20 /MachineName:computer1 /OU:0U=Test, CN=company ,DC=Domain,DC=Com 
/User:Domain\User1 


/JoinRights:Full /ReferralServer:MyWDSServer /BootProgram: boot \x86\pxeboot .n12 
/WdsClientUnattend:wDSClientUnattend\Unattend. xml /BootImagepath: boot\x86\images\boot.wim 


To approve all pending computers, type: 


wdsutil /verbose /Approve-AutoaddDevices /RequestId:ALL 


Additional References 


e Command-Line Syntax Key 

e wdsutil delete-autoadddevices command 
e wdsutil get-autoadddevices command 

e wdsutil reject-autoadddevices command 


e Windows Deployment Services cmdlets 


convert-riprepimage 
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Converts an existing Remote Installation Preparation (RIPrep) image to Windows Image (wim) format. 


Syntax 


wdsutil [Options] /Convert-RIPrepImage /FilePath:<Filepath and name> /DestinationImage /FilePath:<Filepath and 
name> [/Name:<Name>] [/Description:<Description>] [/InPlace] [/Overwrite:(Yes | No | Append)] 


Parameters 


PARAMETER DESCRIPTION 


/FilePath: <Filepath and name> Specifies the full filepath and name of the .sif file that 
corresponds to the RIPrep image. This file is typically called 
Riprep.sif and is found in the \Templates subfolder of the 
folder that contains the RIPrep image. 


/Destinationlmage Specifies the settings for the destination image. Uses the 
following options; 

e /FilePath:<Filepath and name> - Sets the full file 
path for the new file. For example: 
C:\Temp\convert.wim 

© [ /Name:<Name> ] - Sets the display name of the image. 
If no display name is specified, the display name of the 
source image is used. 

e [ /Description:<Description> ] - Sets the description 
of the image. 

e [/InPlace] - Specifies that the conversion should take 
place on the original RIPrep image and not on a copy 
of the original image, which is the default behavior. 

e [ /Overwrite:{Yes | No | Append} - Sets whether 
this image should overwrite or append any existing 
files. 


Examples 


To convert the specified RIPrep.sif image to RIPREPwim, type: 


wdsutil /Convert-RiPrepImage /FilePath:R:\RemoteInstall\Setup\English 
\Images\Win2k3.SP1\i386\Templates\riprep.sif /DestinationImage /FilePath:C:\Temp\RIPREP.wim 


To convert the specified RIPrep.sif image to RIPREPwim with the specified name and description, and overwrite it 
with the new file if a file already exists, type: 


wdsutil /Verbose /Progress /Convert-RiPrepImage /FilePath:\\Server 
\RemInst\Setup\English\Images\WinXP.SP2\i386\Templates\riprep.sif /DestinationImage 
/FilePath:\\Server\Share\RIPREP.wim /Name:WindowsXP image /Description:Converted RIPREP image of WindowsXP 
/Overwrite:Append 


Additional References 
e Command-Line Syntax Key 


e Windows Deployment Services cmdlets 


wdsutil copy commands 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Copies an image or a driver group. 











Parameters 
PARAMETER DESCRIPTION 
wdsutil copy-image command Copies images that are within the same image group. 
wdsutil copy-drivergroup command Copies an existing driver group on the server. 


Additional References 


e Command-Line Syntax Key 


e Windows Deployment Services cmdlets 


copy-drivergroup 
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Duplicates an existing driver group on the server including the filters, driver packages, and enabled/disabled status. 


Syntax 


wdsutil /Copy-DriverGroup [/Server:<Server name>] /DriverGroup:<Source Groupname> /GroupName:<New Groupname> 


Parameters 
PARAMETER DESCRIPTION 
/Server: <Servername> Specifies the name of the server. This can be the NetBIOS 
name or the FQDN. If no server name is specified, the local 
server is used. 
/DriverGroup: <Source Groupname> Specifies the name of the source driver group. 
/GroupName: <New Groupname> Specifies the name of the new driver group. 
Examples 


To copy a driver group, type either: 


wdsutil /Copy-DriverGroup /Server:MyWdsServer /DriverGroup:PrinterDrivers /GroupName:X86PrinterDrivers 


wdsutil /Copy-DriverGroup /DriverGroup:PrinterDrivers /GroupName:ColorPrinterDrivers 


Additional References 


e Command-Line Syntax Key 


e Windows Deployment Services cmdlets 


wadsutil copy-image 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Copies images that are within the same image group. To copy images between image groups, use the wdsutil 
Export-lmage command command and then the wdsutil add-lmage command command. 


Syntax 


wdsutil [Options] /copy-Image image:<Image name> [/Server:<Server name>] imagetype:Install imageGroup:<Image 
group name>] [/Filename:<File name>] /DestinationImage /Name:<Name> /Filename:<File name> [/Description: 


<Description>] 
Parameters 

PARAMETER DESCRIPTION 

image: <Imagename> Specifies the name of the image to be copied. 

[/Server: <Servername> ] Specifies the name of the server. This can be either the 
NetBIOS name or the fully qualified domain name (FQDN). If 
no server name is specified, the local server is used. 

imagetype:Install Specifies the type of image to be copied. This option must be 
set to install. 

\imageGroup: <Image groupname> ] Specifies the image group that contains the image to be 
copied. If no image group is specified and only one group 
exists on the server, that image group is used by default. If 
more than one image group exists on the server, you must 
specify the image group. 

[/Filename: <Filename> ] Specifies the file name of the image to be copied. If the source 
image cannot be uniquely identified by name, you must 
specify the file name. 

/Destinationlmage Specifies the settings for the destination image. The valid 
values are: 

e /Name: <Name> - Sets the display name of the image 
to be copied. 
e /Filename: <Filename> - Sets the name of the 
destination image file that will contain the image copy. 
e [/Description: <Description> ] - Sets the description 
of the image copy. 
Examples 


To create a copy of the specified image and name it WindowsVista.wim, type: 


wdsutil /copy-Image image:Windows Vista with Office imagetype:Install /DestinationImage /Name:copy of Windows 
Vista with Office / Filename:WindowsVista.wim 


To create a copy of the specified image, apply the specified settings, and name the copy WindowsVista.wim, type: 


wdsutil /verbose /Progress /copy-Image image:Windows Vista with Office /Server:MyWDSServe imagetype: Install 
imageGroup: ImageGroup1 

/Filename:install.wim /DestinationImage /Name:copy of Windows Vista with Office /Filename:WindowsVista.wim 
/Description:This is a copy of the original Windows image with Office installed 


Additional References 


e Command-Line Syntax Key 

e wdsutil add-image command 

e wdsutil export-image command 
e wdsutil get image command 

e wdsutil remove-image command 
e wdsutil replace-image command 
e wdsutil setimage command 


e Windows Deployment Services cmdlets 


wdsutil delete-autoadddevices 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Deletes computers that are pending, rejected, or approved from the auto-add database. This database stores 
information about these computers on the server. 


Syntax 


wdsutil /delete-AutoaddDevices [/Server:<Servername>] /Devicetype:{PendingDevices | RejectedDevices 


| ApprovedDevices} 
Parameters 
PARAMETER DESCRIPTION 
[/Server: <Servername> ] Specifies the name of the server. This can be either the 
NetBIOS name or the fully qualified domain name (FQDN). If 
no server name is specified, the local server will be used. 
/Devicetype: Specifies the type of computer to delete from the database. 
(PendingDevices|RejectedDevices|ApprovedDevices) This type can be PendingDevices, which returns all 
computers in the database that have a status of pending, 
RejectedDevices, which returns all computers in the 
database that have a status of rejected, or 
ApprovedDevices, which returns all computers that have a 
status of approved. 
Examples 


To delete all rejected computers, type: 
wdsutil /delete-AutoaddDevices /Devicetype:RejectedDevices 
To delete all approved computers, type: 


wdsutil /verbose /delete-AutoaddDevices /Server:MyWDSServer /Devicetype:ApprovedDevices 


Additional References 


e Command-Line Syntax Key 
e wdsutil approve-autoadddevices command 
e wdsutil get-autoadddevices command 


e wdsutil reject-autoadddevices command 


e Windows Deployment Services cmdlets 


wdsutil disable commands 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Disables all services for Windows Deployment Services. 


Parameters 
PARAMETER DESCRIPTION 
wdsutil disable-server command Disables all Windows Deployment Services services on a 
specified server (Deployment Server). 
wdsutil disable-transportserver command Disables all Windows Deployment Services services on a 


specified Transport Server. 


Additional References 


e Command-Line Syntax Key 


e Windows Deployment Services cmdlets 


wdsutil disable-server 
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Disables all services for a Windows Deployment Services server. 


Syntax 


wdsutil [Options] /Disable-Server [/Server:<Server name>] 


Parameters 
PARAMETER DESCRIPTION 
[/Server: <Servername> ] Specifies the name of the server. This can be either the 
NetBIOS name or the fully qualified domain name (FQDN). If 
no server name is specified, the local server will be used. 
Examples 


To disable the server, type either: 


wdsutil /Disable-Server 


wdsutil /Verbose /Disable-Server /Server:MyWDSServer 


Additional References 
e Command-Line Syntax Key 


e Windows Deployment Services cmdlets 


wdsutil disable-transportser ver 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Disables all services for a Transport Server. 


Syntax 


wdsutil [Options] /Disable-TransportServer [/Server:<Servername>] 


Parameters 
PARAMETER DESCRIPTION 
[/Server: <Servername> ] Specifies the name of the Transport Server to be disabled. This 
can be either the NetBIOS name or the fully qualified domain 
name (FQDN). If no Transport Server name is specified, the 
local server will be used. 
Examples 


To disable the server, type either: 


wdsutil /Disable-TransportServer 


wdsutil /verbose /Disable-TransportServer /Server:MyWDSServer 


Additional References 

e Command-Line Syntax Key 

e wdsutil enable-transportserver command 
e wdsutil get-transportserver command 

e wdsutil set-transportserver command 

e wdsutil start-transportserver command 

e wdsutil stop-transportserver command 


e Windows Deployment Services cmdlets 


wdsutil disconnect-dlient 
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Disconnects a client from a multicast transmission or namespace. Unless you specify /Force, the client will fall back 
to another transfer method (if it's supported by the client). 


Syntax 


wdsutil /Disconnect-Client /ClientId:<Client ID> [/Server:<Server name>] [/Force] 


Parameters 


PARAMETER DESCRIPTION 


/Clientld: <clientID> Specifies the ID of the client to be disconnected. To view the ID 
of a client, run the 
wdsutil /get-multicasttransmission /show:clients 


command. 


[/Server: <Servername> ] Specifies the name of the server. This can be the NetBIOS 
name or the fully qualified domain name (FQDN). If no server 
name is specified, the local server is used. 


[/Force] Stops the installation completely and does not use a fallback 
method. Because Wdsmcast.exe doesn't support any fallback 
mechanism, the default behavior is as follows: 

e If you're using the Windows Deployment 
Services client: The client continues the installation 
by using unicasting. 

e If you aren't using the Windows Deployment 
Services client: The installation fails. 


Important: We strongly recommend using this parameter 
cautiously because if the installation fails, the computer can be 
left in an unusable state. 


Examples 


To disconnect a client, type: 
wdsutil /Disconnect-Client /ClientId:1 
To disconnect a client and force the installation to fail, type: 


wdsutil /Disconnect-Client /Server:MyWDSServer /ClientId:1 /Force 


Additional References 


e Command-Line Syntax Key 


e wdsutil get-multicasttransmission command 


e Windows Deployment Services cmdlets 


wdsutil enable commands 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Enables all services for Windows Deployment Services. 


Parameters 
PARAMETER DESCRIPTION 
wdsutil enable-server command Enables all services on a specified Windows Deployment 
Services server (Deployment Server). 
wdsutil enable-transportserver command Enables all services on a specified Transport Server. 


Additional References 


e Command-Line Syntax Key 


e Windows Deployment Services cmdlets 


wdsutil enable-server 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Enables all services for Windows Deployment Services. 


Syntax 


wdsutil [options] /Enable-Server [/Server:<Servername>] 


Parameters 
PARAMETER DESCRIPTION 
[/Server: <Servername> ] Specifies the name of the server. This can be the NetBIOS 
name or the fully qualified domain name (FQDN). If no server 
name is specified, the local server is used. 
Examples 


To enable the services on the server, type either: 


wdsutil /Enable-Server 


wdsutil /verbose /Enable-Server /Server:MyWDSServer 


Additional References 


e Command-Line Syntax Key 

e wdsutil disable-server command 

e wdsutil get-Server command 

e wdsutil initialize-server command 

e wdsutil set-server command 

e wdsutil start-server command 

e wdsutil stop-server command 

e wdsutil uninitialize-server command 


e Windows Deployment Services cmdlets 


wdsutil enable-transportserver 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Enables all services for the Transport Server. 


Syntax 


wdsutil [options] /Enable-TransportServer [/Server:<Servername>] 


Parameters 
PARAMETER DESCRIPTION 
[/Server: <Servername> ] Specifies the name of the server. This can be the NetBIOS 
name or the fully qualified domain name (FQDN). If no server 
name is specified, the local server is used. 
Examples 


To enable the services on the server, type either: 


wdsutil /Enable-TransportServer 


wdsutil /verbose /Enable-TransportServer /Server:MyWDSServer 


Additional References 


e Command-Line Syntax Key 

e wdsutil disable-transportserver command 
e wdsutil get-transportserver command 

e wdsutil set-transportserver command 

e wdsutil start-transportserver command 

e wdsutil stop-transportserver command 


e Windows Deployment Services cmdlets 


wdsutil export-image 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Exports an existing image from the image store to another Windows Image (.wim) file. 


Syntax 


For boot images: 


wdsutil [options] /Export-Image image:<Image name> [/Server:<Servername>] 
imagetype:Boot /Architecture:{x86 | ia64 | x64} [/Filename:<Filename>] 
/DestinationImage 
/Filepath:<Filepath and name> 
[/Name:<Name> ] 
[/Description:<Description>] 
[/Overwrite:{Yes | No}] 


For install images: 


wdsutil [options] /Export-Image image:<Image name> [/Server:<Servername> ] 
imagetype:Install imageGroup:<Image group name>] 
[/Filename:<Filename>] 
/DestinationImage 
/Filepath:<Filepath and name> 
[/Name:<Name> ] 
[/Description:<Description>] 
[/Overwrite:{Yes | No | append}] 


Parameters 

PARAMETER DESCRIPTION 

image: <Imagename> Specifies the name of the image to be exported. 

[/Server: <Servername> ] Specifies the name of the server. This can be either the 
NetBIOS name or the fully qualified domain name (FQDN). If 
no server name is specified, the local server will be used. 

imagetype: (Boot |Install) Specifies the type of image to be exported. 

\imageGroup: <Image group name> ] Specifies the image group containing the image to be 


exported. If no image group name is specified and only one 
image group exists on the server, that image group will be 
used by default. If more than one image group exists on the 
server, the image group must be specified. 


PARAMETER 


/Architecture: (x86|ia64|x64) 


[/Filename: <Filename> ] 


/Destinationlmage 


[/Overwrite: (Yes |No|append) ] 


Examples 


To export a boot image, type either: 


DESCRIPTION 


Specifies the architecture of the image to be exported. 
Because it is possible to have the same image name for boot 
images in different architectures, specifying the architecture 
value ensures that the correct image will be returned. 


if the image cannot be uniquely identified by name, the file 
name must be specified. 


Specifies the settings for the destination image. You can 

specify these settings using the following options: 

e /Filepath:<Filepath and name> - Specifies the full 
file path for the new image. 

e [/Name:<Name>] - Sets the display name of the 
image. If no name is specified, the display name of the 
source image will be used. 

e [/Description: <Description>] - Sets the 
description of the image. 


Determines whether the file specified in the 
/DestinationImage option will be overwritten if an existing 
file with that name already exists at the /Filepath. The Yes 
option causes the existing file to be overwritten, the No 
option (default) causes an error to occur if a file with the 
same name already exists, and the append option causes the 
generated image to be appended as a new image within the 
existing .wim file. 


wdsutil /Export-Image image:WinPE boot image imagetype:Boot /Architecture:x86 /DestinationImage 


/Filepath:C:\temp\boot.wim 


wdsutil /verbose /Progress /Export-Image image:WinPE boot image /Server:MyWDSServer imagetype: Boot 


/Architecture:x64 /Filename:boot.wim /DestinationImage /Filepath: \\Server\Share\ExportImage.wim 


/Name:Exported WinPE image /Description:WinPE Image from WDS server /Overwrite:Yes 


To export an install image, type either: 


wdsutil /Export-Image image:Windows Vista with Office imagetype:Install /DestinationImage 


/Filepath:C:\Temp\Install.wim 


wdsutil /verbose /Progress /Export-Image image:Windows Vista with Office /Server:MyWDSServer imagetype:Instal 


imageGroup:ImageGroup1 /Filename:install.wim /DestinationImage /Filepath:\\server\share\export.wim 


/Name:Exported Windows image /Description:Windows Vista image from WDS server /Overwrite: append 


Additional References 


e Command-Line Syntax Key 


wdsutil add-image command 
wdsutil copy-image command 
wdsutil get-image command 
wdsutil remove-image command 
wdsutil replace-image command 
wdsutil set-image command 


Windows Deployment Services cmdlets 


wdsutil get 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 


Retrieves properties or attributes about the specified object. 


Subcommands 


SUBCOMMAND 

wdsutil get-alldevices command 

wdsutil get-alll magegroups command 

wdsutil get-allimages command 

wdsutil get-allmulticasttransmissions command 
wdsutil get-allnamespaces command 


wdsutil get-allservers command 


wdsutil get-autoadddevices command 


wdsutil get-device command 

wdsutil get-image command 

wdsutil get-imagefile command 

wdsutil get-imagegroup command 

wdsutil get-multicasttransmission command 
wdsutil get-namespace command 


wdsutil get-server command 


wdsutil get-transportserver command 
wdsutil get-driverpackage command 


wdsutil get-alldrivergroups command 


DESCRIPTION 


Displays information about all prestaged computers. 


Displays information about all image groups. 


Displays information about all images. 


Displays the attributes of all multicast transmissions. 


Displays the attributes of all namespaces. 


Displays information about all Windows Deployment Services 
servers. 


Displays computers that are pending administrative approval 
on a specified server. 


Displays the attributes of an pending computer. 


Displays the attributes of an existing image. 


Displays information about images in a specified .wim file. 


Displays information about a specified image group. 


Displays the attributes of a specified multicast transmission. 


Displays the attributes of a specified namespace. 


Displays information about a specified Windows Deployment 
Services server. 


Displays information about a specified Transport Server. 


Displays information about driver packages on a server. 


Displays information about all the driver groups on server. 


SUBCOMMAND 


wdsutil get-drivergroup command 


wdsutil get-alldriverpackages command 


wdsutil get-driverpackagefile command 


DESCRIPTION 


Displays information about driver groups on a server. 


Displays information about all the driver packages on a server 
that match the specified search criteria. 


Displays information about a driver package, including the 
drivers and files it contains. 


wdsutil get-alldevices 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Displays the Windows Deployment Services properties of all pre-staged computers. A pre-staged computer is a 
physical computer that has been linked to a computer account in active directory Domain Services. 


Syntax 


wdsutil [options] /get-alldevices [/forest:{Yes | No}] [/referralserver:<servername> ] 


Parameters 
PARAMETER DESCRIPTION 
[/forest:{Yes | No}] Specifies whether Windows Deployment Services should 
return computers in the entire forest or the local domain. The 
default setting is No, meaning that only the computers in the 
local domain are returned. 
[/referralserver:<servername>] Returns only those computers that are pre-staged for the 
specified server. 
Examples 


To view all computers, type either: 


wdsutil /get-alldevices 


wdsutil /verbose /get-alldevices /forest:Yes /referralserver:MyWDSServer 


Additional References 
e Command-Line Syntax Key 

e wdsutil set-device command 

e wdsutil add-device command 


e wdsutil get-device command 


wdsutil get-alldrivergroups 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Displays information about all the driver groups on a server. 


Syntax 


wdsutil /get-alldrivergroups [/server:<servername>] [/show:{packagemetadata | filters | all}] 


Parameters 
PARAMETER DESCRIPTION 

[/server:<servername> ] Specifies the name of the server. This can be the NetBIOS 
name or the FQDN. If a server name is not specified, the local 
server is used. 

/show:{packagemetadata | filters | all}] Displays the metadata for all the driver packages in the 
specified group. PackageMetaData displays information 
about all the filters for the driver group. Filters displays the 
metadata for all driver packages and filters for the group. 

Examples 


To view information about a driver file, type either: 


wdsutil /get-alldrivergroups /server:MyWdsServer /show:All 


wdsutil /get-alldrivergroups [/show:packagemetadata] 


Additional References 


e Command-Line Syntax Key 


e wdsutil get-drivergroup command 


wdsutil get-alldriverpackages 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 


Displays information about all the driver packages on a server that match the specified search criteria. 


Syntax 


wdsutil /get-alldriverpackages [/server:<servername>] [/show:{drivers | files | all}] [/filtertype: 
<filtertype> /operator:{equal | notequal | greaterorequal | lessorequal | contains} /value:<value> [/value: 


<value> ...]] 


Parameters 


PARAMETER 


[/server:<servername> ] 


[/show:{drivers | files | all}] 


/filtertype:<filtertype> 


DESCRIPTION 


The name of the server. This can be the NetBIOS name or the 
FQDN. If a server name isn't specified, the local server is used. 


Indicates the package information to display. If /show isn't 
specified, the default is to return only the driver package 
metadata. Drivers displays the list of drivers in the package, 
files displays the list of files in the package, and all displays 
drivers and files. 


Specifies the attribute of the driver package to search for. You 
can specify multiple attributes in a single command. You must 
also specify /operator and /value with this option. 


The <filtertype> can be one of the following: 


e Packageld 

e@ PackageName 

@ PackageEnabled 

e Packagedateadded 
e PackagelnfFilename 
e PackageClass 

e PackageProvider 

e PackageArchitecture 
e PackageLocale 

e PackageSigned 

e PackagedatePublished 
e Packageversion 

e Driverdescription 

6 DriverManufacturer 
@ DriverHardwareld 
© Drivercompatibleld 
© DriverGroupld 

e DriverGroupName 


PARAMETER 


/operator:{equal | notequal | greaterorequal | 
lessorequal | contains) 


/value:<value> 


Examples 


To display information, type either: 


DESCRIPTION 


Specifies the relationship between the attribute and the 
values. You can specify contains only with string attributes. 
You can specify greaterorequal and lessorequal only with 
date and version attributes. 


Specifies the value to search on for the specified 

<attribute> . You can specify multiple values for a single 

/filtertype. The list below outlines the attributes you can 

specify for each filter For more information about these 

attributes, see Driver and Package attributes. The attributes 
can include: 

e Packageld. Specifies a valid GUID. For example: 
{4d36e972-e325-11ce-bfcl -08002be10318}. 

e PackageName. Specifies any string value. 

e PackageEnabled. Specifies Yes or No. 

e Packagedateadded. Specifies the date in the 
following format: YYYY/MM/DD 

e PackagelnfFilename. Specifies any string value. 

e PackageClass. Specifies a valid class name or class 
GUID. For example: DiskDrive, Net, or {4d36e972- 
e325-11ce-bfc1-08002be103 18}. 

e PackageProvider. Specifies any string value. 

e PackageArchitecture. Specifies x86, x64, or ia64. 

e PackagLocale. Specifies a valid language identifier. For 
example: en-US or es-ES. 

e PackageSigned. Specifies Yes or No. 

e PackagedatePublished. Specifies the date in the 
following format: YYYY/MM/DD. 

e Packageversion. Specifies the version in the following 
format: a.b.x.y. For example: 6.1.0.0. 

e Driverdescription. Specifies any string value. 

e DriverManufacturer. Specifies any string value. 

e DriverHardwareld. Specifies any string value. 

e Drivercompatibleld. Specifies any string value. 

e DriverExcludeld. Specifies any string value. 

e DriverGroupld. Specifies a valid GUID. For example: 
{4d36e972-e325-1 1ce-bfcl -08002be10318}. 

e DriverGroupName. Specifies any string value. 


wdsutil /get-alldriverpackages /server:MyWdsServer /show:all /filtertype:drivergroupname /operator: contains 


/value:printer /filtertype:packagearchitecture /operator:equal /value:x64 /value:x86 


wdsutil /get-alldriverpackages /show:drivers /filtertype:packagedateadded /operator:greaterorequal 


/value: 2008/01/21 


Additional References 


e Command-Line Syntax Key 


e wdsutil get-driverpackage command 


e wdsutil get-driverpackagefile command 


wdsutil get-allimagegroups 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Retrieves information about all image groups on a server and all images in those image groups. 


Syntax 


wdsutil [options] /get-allimagegroups [/server:<servername>] [/detailed] 


Parameters 
PARAMETER DESCRIPTION 
[/server:<servername>] Specifies the name of the server. This can be either the 
NetBIOS name or the fully qualified domain name (FQDN). If 
no server name is specified, the local server is used. 
[/detailed] Returns the image metadata from each image. If this 
parameter isn't used, the default behavior is to return only the 
image name, description, and file name for each image. 
Examples 


To view information about the image groups, type either: 


wdsutil /get-allimagegroups 


wdsutil /verbose /get-allimagegroups /server:MyWDSServer /detailed 


Additional References 


e Command-Line Syntax Key 
e wdsutil add-imagegroup command 
e wdsutil remove-imagegroup command 


e wdsutil set-imagegroup command 


wdsutil get-allimages 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Retrieves information about all images on a server. 


Syntax 


wdsutil /get-allimages [/server:<servername>] /show:{boot | install | legacyris | all) [/detailed] 


Parameters 
PARAMETER DESCRIPTION 

[/server:<servername>] Specifies the name of the server. This can be either the 
NetBIOS name or the fully qualified domain name (FQDN). If 
no server name is specified, the local server is used. 

/show:{boot | install | legacyris | all} Where boot returns only boot images, install returns install 
images as well as information about the image groups that 
contain them, LegacyRis returns only remote Installation 
Services (RIS) images, and All returns boot image information, 
install image information (including information about the 
image groups), and RIS image information. 

[/detailed] Indicates that all image metadata from each image should be 
returned. If this option is not used, the default behavior is to 
return only the image name, description, and file name. 

Examples 


To view information about the images, type either: 


wdsutil /get-allimages /show:install 


wdsutil /verbose /get-allimages /server:MyWDSServer /show:all /detailed 


Additional References 


e Command-Line Syntax Key 

e wdsutil add-image command 

e wdsutil copy-image command 
e wdsutil export-image command 


e wdsutil remove-image command 


e wdsutil replace-image command 


e wdsutil set-image command 


wdsutil get-allmulticasttransmissions 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Displays information about all multicast transmissions on a server. 


Syntax 


for Windows Server 2008: 
wdsutil /Get-AllMulticastTransmissions [/Server:<Server name>] [/Show:Clients] [/ExcludedeletePending] 
for Windows Server 2008 R2: 


wdsutil /Get-AllMulticastTransmissions [/Server:<Server name>] [/Show:(Boot | Install | All)] 
[/details:Clients] [/ExcludedeletePending] 


Parameters 


PARAMETER EXPLANATION 


[/Server:] Specifies the name of the server. This can be either the 
NetBIOS name or the fully qualified domain name (FQDN). If 
no server name is specified, the local server will be used. 


[/Show] Windows Server 2008 


/Show:Clients - Displays information about client 
computers that are connected to the multicast 
transmissions. 


Windows Server 2008 R2 


Show: {Boot | Install | All} - The type of image to return. 
Boot returns only boot image transmissions. Install 
returns only install image transmissions. All returns both 
image types. 


/details:clients Only supported for Windows Server 2008 R2. If present, 
clients that are connected to the transmission will be 
displayed. 


[/ExcludedeletePending] Excludes any deactivated transmissions from the list. 
Examples 


To view information about all transmissions, type: 


e Windows Server 2008: wdsutil /Get-AllMulticastTransmissions 


e Windows Server 2008 R2: wdsutil /Get-AllMulticastTransmissions /Show:All To view information about all 
transmissions except deactivated transmissions, type: 
e Windows Server 2008: 


wdsutil /Get-AllMulticastTransmissions /Server:MyWDSServer /Show:Clients /ExcludedeletePending 


e Windows Server 2008 R2: 


wdsutil /Get-AllMulticastTransmissions /Server:MyWDSServer /Show:All /details:Clients /ExcludedeletePending 


Additional References 


e Command-Line Syntax Key 

e wdsutil get-multicasttransmission command 

e wdsutil new-multicasttransmission command 

e wdsutil remove-multicasttransmission command 


e wdsutil start-multicasttransmission command 


wdsutil get-allnamespaces 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Displays information about all namespaces on a server. 


Syntax 


Windows Server 2008: 


wdsutil /Get-AllNamespaces [/Server:<Server name>] [/ContentProvider:<name>] [/Show:Clients] 
[/ExcludedeletePending ] 


Windows Server 2008 R2: 


wdsutil /Get-AllNamespaces [/Server:<Server name>] [/ContentProvider:<name>] [/details:Clients] 
[/ExcludedeletePending ] 


Parameters 


PARAMETER WINDOWS SERVER 2008 WINDOWS SERVER 2008 R2 


[/Server:] Specifies the name of the server. This 
can be either the NetBIOS name or the 
fully qualified domain name (FQDN). If 
no server name is specified, the local 
server will be used. 


[/ContentProvider:] Displays the namespaces for the 
specified content provider only. 


[/Show:Clients] Only supported for Windows Server 
2008. Displays information about client 
computers that are connected to the 
namespace. 


[/details:Clients] Only supported for Windows Server 
2008 R2. Displays information about 
client computers that are connected to 
the namespace. 


[/ExcludedeletePending] Excludes any deactivated transmissions 
from the list. 


Examples 


To view all namespaces, type: 


wdsutil /Get-AllNamespaces 


To view all namespaces except those that are deactivated, type: 


e Windows Server 2008 


wdsutil /Get-AllNamespaces /Server:MyWDSServer /ContentProvider:MyContentProv /Show:Clients 
/ExcludedeletePending 


e Windows Server 2008 R2 


wdsutil /Get-AllNamespaces /Server:MyWDSServer /ContentProvider:MyContentProv /details:Clients 
/ExcludedeletePending 


Additional References 


e Command-Line Syntax Key 
e wdsutil new-namespace command 
e wdsutil remove-namespace command 


e wdsutil start-nmespace command 


get-AllServers 
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Retrieves information about all Windows Deployment Services servers. 





NOTE 


This command may take an extended amount of time to complete if there are many Windows Deployment Services servers 
in your environment or if the network connection linking the servers is slow. 





Syntax 


wdsutil [Options] /Get-AllServers /Show:(Config | Images | All) [/Detailed] [/Forest:(Yes | No)] 


Parameters 
PARAMETER DESCRIPTION 
/Show:{Config Images 
[/Detailed] When used in conjunction with the /Show:Images or 
/Show:All, returns all image metadata from each image. If the 
/Detailed option is not specified, the default behavior is to 
return the image name, description, and file name. 
[/Forest:{Yes No}] 
Examples 


To view information about all servers, type: 
wdsutil /Get-AllServers /Show:Config 
To view detailed information about all servers, type: 


wdsutil /Verbose /Get-AllServers /Show:All /Detailed /Forest:Yes 


Additional References 


e Command-Line Syntax Key 


wdsutil get-autoadddevices 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Displays all computers that are in the Auto-add database on a Windows Deployment Services server. 


Syntax 


wdsutil [Options] /Get-AutoaddDevices [/Server:<Server name>] /Devicetype:{PendingDevices | RejectedDevices 


ApprovedDevices} 
Parameters 
PARAMETER DESCRIPTION 
[/Server:] Specifies the name of the server. This can be either the 
NetBIOS name or the fully qualified domain name (FQDN). If 
no server name is specified, the local server will be used. 
/Devicetype:{PendingDevices | RejectedDevices | Specifies the type of computer to return. 
ApprovedDevices} - PendingDevices returns all computers in the database 
that have a status of pending. 
- RejectedDevices returns all computers in the database 
that have a status of rejected. 
- ApprovedDevices returns all computers in the 
database that have a status of approved. 
Examples 


To see all of the approved computers, type: 
wdsutil /Get-AutoaddDevices /Devicetype:ApprovedDevices 
To see all of the rejected computers, type: 


wdsutil /verbose /Get-AutoaddDevices /Devicetype:RejectedDevices /Server:MyWDSServer 


Additional References 


e Command-Line Syntax Key 
e wdsutil delete-autoadddevices command 
e wdsutil approve-autoadddevices command 


e wdsutil reject-autoadddevices command 


wdsutil get-device 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Retrieves Windows Deployment Services information about a prestaged computer (that is, a physical computer 
that has been lined to a computer account in active directory Domain Services. 


Syntax 


wdsutil /Get-Device (/Device:<Device name> | /ID:<MAC or UUID>) [/Domain:<Domain>] [/forest:(Yes | No)] 


Parameters 


PARAMETER DESCRIPTION 
/Device: Specifies the name of the computer (SAMAccountName). 


/ID: Specifies either the MAC address or the UUID (GUID) of the 
computer, as shown in the following examples. Note that a 
valid GUID must be in one of two formats binary string or 
GUID string 
- Binary string: 
/ID:ACEFA3E81F20694E953EB2DAA1E8B1B6 
- MAC address: 00B056882FDC (no dashes) or 00-B0- 
56-88-2F-DC (with dashes) 

- GUID string: /ID:E8A3EFAC-201F-4E69-953- 
B2DAA1E8B1B6 


[/Domain:] Specifies the domain to be searched for the prestaged 
computer. The default value for this parameter is the local 
domain. 


[/forest:{Yes | No}] Specifies whether Windows Deployment Services should 
search the entire forest or the local domain. The default value 
is No, meaning that only the local domain will be searched. 


Examples 

To get information by using the computer name, type: 
wdsutil /Get-Device /Device:computer1 

To get information by using the MAC address, type: 


wdsutil /verbose /Get-Device /ID:0Ø-BØ-56-88-2F-DC /Domain:MyDomain 


To get information by using the GUID string, type: 


wdsutil /verbose /Get-Device /ID:E8A3EFAC-201F-4E69-953-B2DAA1E8B1B6 /forest:Yes 


Additional References 


Command-Line Syntax Key 


wdsutil set-device command 


wdsutil add-device command 


wdsutil get-alldevices command 


wdsutil get-drivergroup 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Displays information about the driver groups on a server. 


Syntax 


wdsutil /Get-DriverGroup /DriverGroup:<Group Name> [/Server:<Server name>] 


Parameters 

PARAMETER DESCRIPTION 

/DriverGroup: Specifies the name of the driver group. 

[/Server:] Specifies the name of the server. This can be the NetBIOS 
name or the FQDN. if a server name is not specified, the local 
server is used. 

[/Show: {PackageMetaData | Filters | All}] Displays the metadata for all the driver packages in the 
specified group. PackageMetaData displays information 
about all the filters for the driver group. Filters displays the 
metadata for all driver packages and filters for the group. 

Examples 


To view information about a driver file, type: 


wdsutil /Get-DriverGroup /DriverGroup:printerdrivers /Show:PackageMetaData 


wdsutil /Get-DriverGroup /DriverGroup:printerdrivers /Server:MyWdsServer /Show:Filters 


Additional References 


e Command-Line Syntax Key 


e wdsutil get-alldrivergroups command 


get-DriverPackage 
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Displays information about a driver package on the server. 


Syntax 


wdsutil /Get-DriverPackage [/Server:<Server name>] {/DriverPackage:<Package Name> | /PackageId:<ID>} [/Show: 
(Drivers | Files | All)] 


Parameters 
PARAMETER DESCRIPTION 
[/Server:<Server name>] Specifies the name of the server. This can be the NetBIOS 
name or the FQDN. If no server name is specified, the local 
server is used. 
[/DriverPackage:<Name>] Specifies the name of the driver package to show. 
[/Packageld:<ID>] Specifies the Windows Deployment Services ID of the driver 
package to show. You must specify the ID if the driver package 
cannot be uniquely identified by name. 
[/Show: {Drivers Files 
Examples 


To view information about a driver package, type one of the following: 


wdsutil /Get-DriverPackage /PackagelId: {4D36E972-E325-11CE-BFC1-08002BE10318} 


wdsutil /Get-DriverPackage /DriverPackage:MyDriverPackage /Show:All 


Additional References 


e Command-Line Syntax Key 


wdsutil get-image 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Retrieves information about an image. 


Syntax 


for boot images: 


wdsutil [Options] /Get-Image image:<Image name> [/Server:<Server name> imagetype:Boot /Architecture:(x86 | 
ia64 | x64) [/Filename:<File name>] 


for install images: 


wdsutil [Options] /Get-image image:<Image name> [/Server:<Server name> imagetype:Install imagegroup:<Image 
group name>] [/Filename:<File name>] 


Parameters 

PARAMETER DESCRIPTION 

\image: Specifies the name of the image. 

[/Server:] Specifies the name of the server. This can be either the 
NetBIOS name or the fully qualified domain name (FQDN). If 
no server name is specified, the local server will be used. 

imagetype:(Boot | Install} Specifies the type of image. 

/Architecture:(x86 | ia64 | x64) Specifies the architecture of the image. Because it is possible 
to have the same image name for boot images in different 
architectures, specifying the architecture value ensures that 
the correct image is returned. 

[/Filename:] if the image cannot be uniquely identified by name, you must 
use this option to specify the file name. 

\imagegroup:] Specifies the image group that contains the image. If no 
image group is specified and only one image group exists on 
the server, that group will be used. If more than one image 
group exists on the server, you must use this parameter to 
specify the image group. 

Examples 


To retrieve information about a boot image, type one of the following: 


wdsutil /Get-Image image:WinPE boot imagetype:Boot /Architecture:x86 
wdsutil /verbose /Get-Image image:WinPE boot image /Server:MyWDSServer imagetype:Boot /Architecture:x86 
/Filename:boot.wim 


To retrieve information about an install image, type one of the following: 


wdsutil /Get-Image:Windows Vista with Office imagetype:Install 
wdsutil /verbose /Get-Image:Windows Vista with Office /Server:MyWDSServer imagetype:Install 
imagegroup:ImageGroup1 /Filename:install.wim 


Additional References 


e Command-Line Syntax Key 

e wdsutil add-image command 

e wdsutil copy-image command 

e wdsutil export-image command 
e wdsutil remove-image command 
e wdsutil replace-image command 


e wdsutil set-image command 


get-ImageFile 
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Retrieves information about the images contained in a Windows Image (.wim) file. 


Syntax 


wdsutil [Options] /Get-ImageFile /ImageFile:<wim file path> [/Detailed] 


Parameters 
PARAMETER DESCRIPTION 
/ImageFile:< WIM file path> Specifies the full path and file name of the .wim file. 
[/Detailed] Returns all image metadata from each image. If this option is 
not used, the default behavior is to return only the image 
name, description, and file name. 
Examples 


To view information about an image, type: 
wdsutil /Get-ImageFile /ImageFile:C:\temp\install.wim 
To view detailed information, type: 
wdsutil /Verbose /Get-ImageFile /ImageFile:\\Server\Share\My Folder \install.wim /Detailed 


Additional References 


e Command-Line Syntax Key 


wdsutil get imagegroup 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Retrieves information about an image group and the images within it. 


Syntax 


wdsutil [Options] /Get-ImageGroup ImageGroup:<Image group name> [/Server:<Server name>] [/detailed] 


Parameters 

PARAMETER DESCRIPTION 

/ImageGroup: Specifies the name of the image group. 

[/Server:] Specifies the name of the server. This can be either the 
NetBIOS name or the fully qualified domain name (FQDN). If 
no server name is specified, the local server will be used. 

[/detailed] Returns the image metadata for each image. If this parameter 
is not use, the default behavior is to return only the image 
name, description, and file name. 

Examples 


To view information about an image group, type: 
wdsutil /Get-ImageGroup ImageGroup: ImageGroup1 
To view information including metadata, type: 


wdsutil /verbose /Get-ImageGroup ImageGroup:ImageGroup1 /Server:MyWDSServer /detailed 


Additional References 


e Command-Line Syntax Key 

e wdsutil add-imagegroup command 

e wdsutil get-allimagegroups command 
e wdsutil remove-imagegroup command 


e wdsutil setimagegroup command 


wdsutil get-multicasttransmission 


11/2/2020 * 2 minutes to read * Edit Online 





Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Displays information about the multicast transmission for a specified image. 


Syntax 


Windows Server 2008 


wdsutil [Options] /Get-MulticastTransmissiomedia:<Image name> [/Server:<Server 
name>mediatype:InstallmediaGroup:<Image group name>] 
[/Filename:<File name>] [/Show:Clients] 


Windows Server 2008 R2 for boot image transmissions: 


wdsutil [Options] /Get-MulticastTransmissiomedia:<Image name> 
[/Server:<Server name>] 
[/details:Clients] 
mediatype:Boot 
/Architecture:{x86 | ia64 | x64} 
[/Filename:<File name>] 


for install image transmissions: 


wdsutil [Options] /Get-MulticastTransmissiomedia:<Image name> 
[/Server:<Server name>] 
[/details:Clients] 
mediatype:Install 
mediaGroup:<Image Group>] 
[/Filename:<File name>] 


Parameters 

PARAMETER DESCRIPTION 

media: Displays the multicast transmission that is associated with this 
image. 

[/Server:] Specifies the name of the server. This can be the NetBIOS 
name or the fully qualified domain name (FQDN). If no server 
name is specified, the local server is used. 

/imagetype:lnstall Specifies the image type. Note that this option must be set to 


Install. 


PARAMETER 


/imagegroup:] 


/Architecture:{x86 | ia64 | x64} 


[/Filename:] 


[/Show:Clients] 


or 


[/details:Clients] 


Examples 


DESCRIPTION 


Specifies the image group that contains the image. If no 
image group name is specified and only one image group 
exists on the server, that image group is used. If more than 
one image group exists on the server, you must use this 
option to specify an image group. 


Specifies the architecture of the boot image that is associated 
with the transmission. Because it is possible to have the same 
image name for boot images in different architectures, you 
should specify the architecture to ensure that the correct 
image is used. 


Specifies the file that contains the image. If the image cannot 
be uniquely identified by name, you must use this option to 
specify the file name. 


Displays information about client computers that are 
connected to the multicast transmission. 


Windows Server 2008 To view information about the transmission for an image named Vista with Office, type 


one of the following: 


wdsutil /Get-MulticastTransmission:Vista with Office imagetype:Install 
wdsutil /Get-MulticastTransmission /Server:MyWDSServer image:Vista with Office imagetype:Install 
imageGroup:ImageGroup1 /Filename:install.wim /Show:Clients 


Windows Server 2008 R2 To view information about the transmission for an image named Vista with Office, 


type one of the following: 


wdsutil /Get-MulticastTransmission:Vista with Office 


/Imagetype: Install 


wdsutil /Get-MulticastTransmission /Server:MyWDSServer image:Vista with Office imagetype:Install 
ImageGroup:ImageGroup1 /Filename:install.wim /details:Clients 


wdsutil /Get-MulticastTransmission /Server:MyWDSServer:X64 Boot Imagetype:Boot /Architecture: x64 


/Filename:boot.wim /details:Clients 


Additional References 


e Command-Line Syntax Key 

e wdsutil get-allmulticasttransmissions command 
e wdsutil new-multicasttransmission command 

e wdsutil remove-multicasttransmission command 


e wdsutil start-multicasttransmission command 


wdsutil get-namespace 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Displays information about a custom namespace. 


Syntax 


Windows Server 2008 R2 
wdsutil /Get-Namespace /Namespace:<Namespace name> [/Server:<Server name>] [/Show:Clients] 
Windows Server 2008 R2 


wdsutil /Get-Namespace /Namespace:<Namespace name> [/Server:<Server name>] [/details:Clients] 


Parameters 

PARAMETER DESCRIPTION 

/Namespace: Specifies the name of the namespace. Note that this is not the 
friendly name, and it must be unique. 

- Deployment Server: The syntax for namespace name is 
/Namspace:WDS://. For example: 

WDS:ImageGroup1 /install.wim/1 

- Transport Server: This value should match the name 
given to the namespace when it was created on the 
server. 

[/Server:] Specifies the name of the server. This can be the NetBIOS 
name or the fully qualified domain name (FQDN). If no server 
name is specified, the local server is used. 

[/Show:Clients] or [/details:Clients] Displays information about client computers that are 
connected to the specified namespace. 

Examples 


To view information about a namespace, type: 


wdsutil /Get-Namespace /Namespace:Custom Auto 1 


To view information about a namespace and the clients that are connected, type one of the following: 


e Windows Server 2008: wdsutil /Get-Namespace /Server:MyWDSServer /Namespace:Custom Auto 1 /Show:Clients 
e Windows Server 2008 R2: 


wdsutil /Get-Namespace /Server:MyWDSServer /Namespace:Custom Auto 1 /details:Clients 


Additional References 


e Command-Line Syntax Key 

e wdsutil get-allnamespaces command 
e wdsutil new-namespace command 

e wdsutil remove-namespace command 


e wdsutil start-namespace command 


wdsutil get-ser ver 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Retrieves information from the specified Windows Deployment Services server. 


Syntax 


wdsutil [Options] /Get-Server [/Server:<Server name>] /Show:(Config | Images | All) [/detailed] 


Parameters 


PARAMETER DESCRIPTION 


[/Server:] Specifies the name of the server. This can be the NetBIOS 
name or the fully qualified domain name (FQDN). If no server 
name is specified, the local server is used. 


/Show:{Config | Images | All} Specifies the type of information to return. 


- Config returns configuration information. 

- Images returns information about image groups, boot 
images, and install images. 

- All returns configuration information and image 
information. 


[/detailed] You can use this option with /Show:Images or /Show:All to 
indicate that all image metadata from each image should be 
returned. If the /detailed option is not used, the default 
behavior is to return the image name, description, and file 
name. 


Examples 
To view information about the server, type: 
wdsutil /Get-Server /Show:Config 
To view detailed information about the server, type: 


wdsutil /verbose /Get-Server /Server:MyWDSServer /Show:All /detailed 


Additional References 


e Command-Line Syntax Key 
e wdsutil disable-server command 


e wdsutil enable-server command 


wdsutil initialize-server command 
wdsutil set-server command 
wdsutil start-server command 
wdsutil stop-server command 


wdsutil uninitialize-server command 


wdsutil get-transportserver 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Displays information about a specified Transport Server. 


Syntax 


wdsutil [Options] /Get-TransportServer [/Server:<Server name>] /Show:(Config) 


Parameters 
PARAMETER DESCRIPTION 
[/Server:] Specifies the name of the server. This can be either the 
NetBIOS name or the fully qualified domain name (FQDN). If 
no server name is specified, the local server will be used. 
/Show:{Config} Returns configuration information about the specified 
Transport Server. 
Examples 


To view information about the server, type: 
wdsutil /Get-TransportServer /Show:Config 
To view configuration information, type: 


wdsutil /Get-TransportServer /Server:MyWDSServer /Show:Config 


Additional References 


e Command-Line Syntax Key 

e wdsutil disable-transportserver command 
e wdsutil enable-transportserver command 
e wdsutil set-transportserver command 

e wdsutil start-transportserver command 


e wdsutil stop-transportserver command 


wdsutil initialize-server 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Configures a Windows Deployment Services server for initial use after the server role has been installed. After 
you run this command, you should use the wdsutil add-Image command command to add images to the server. 


Syntax 


wdsutil /Initialize-Server [/Server:<Server name>] /remInst:<Full path> [/Authorize] 


Parameters 


PARAMETER DESCRIPTION 


[/Server:] Specifies the name of the server. This can be either the 
NetBIOS name or the fully qualified domain name (FQDN). If 
no server name is specified, the local server will be used. 


/reminst: Specifies the full path and name of the remotelnstall folder. If 
the specified folder does not already exist, this option will 
create it when the command is run. You should always enter a 
local path, even in the case of a remote computer. For 
example: D:\remotelnstall. 


[/Authorize] Authorizes the server in Dynamic Host Control Protocol 
(DHCP). This option is necessary only if DHCP rogue 
detection is enabled, meaning that the Windows Deployment 
Services PXE server must be authorized in DHCP before client 
computers can be serviced. Note that DHCP rogue detection 
is disabled by default. 


Examples 
To initialize the server and set the remotelnstall shared folder to the F: drive, type. 
wdsutil /Initialize-Server /remInst:F:\remoteInstall 


To initialize the server and set the remotelnstall shared folder to the C: drive, type. 


wdsutil /verbose /Progress /Initialize-Server /Server:MyWDSServer /remInst:C:\remoteInstall 


Additional References 


e Command-Line Syntax Key 


e wdsutil disable-server command 


wdsutil enable-server command 
wdsutil get-server command 
wdsutil set-server command 
wdsutil start-server command 
wdsutil stop-server command 


wdsutil uninitialize-server command 


wdsutil new 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Creates capture and discover images, multicast transmissions, and namespaces. 








Subcommands 
SUBCOMMAND DESCRIPTION 
wdsutil new-captureimage command creates a new capture image from an existing boot image. 
wdsutil new-discoverimage command creates a new discover image from an existing boot image. 
pr sa de creates a new multicast transmission. 





wdsutil new-namespace command creates a new namespace. 


new-Capturelmage 
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Creates a new capture image from an existing boot image. Capture images are boot images that start the Windows 
Deployment Services capture utility instead of starting Setup. When you boot a reference computer (that has been 
prepared with Sysprep) into a capture image, a wizard creates an install image of the reference computer and saves 
it as a Windows Image (.wim) file. You can also add the image to media (such as a CD, DVD, or USB drive), and then 
boot a computer from that media. After you create the install image, you can add the image to the server for PXE 
boot deployment. For more information, see Creating Images (https://go.microsoft.com/fwlink/?Linkld=115311). 


Syntax 


wdsutil [Options] /New-CaptureImage [/Server:<Server name>] 
/Image:<Image name> 
/Architecture:{x86 | ia64 | x64} 
[/Filename:<File name>] 
/DestinationImage 
/FilePath:<File path and name> 
[/Name:<Name> ] 
[/Description:<Description>] 
[/Overwrite:{Yes | No | Append}] 
[/UnattendFilePath:<File path>] 


Parameters 

PARAMETER DESCRIPTION 

[/Server:<Server name>] Specifies the name of the server. This can be either the 
NetBIOS name or the fully qualified domain name (FQDN). If 
no server name is specified, the local server will be used. 

/Image:<Image name> Specifies the name of the source boot image. 

/Architecture: {x86 ia64 

[/Filename: <Filename>] If the image cannot be uniquely identified by name, you must 
use this option to specify the file name. 

/Destinationlmage Specifies the settings for the destination image. You specify 
the settings using the following options: 
- /FilePath: <File path and name> Sets the full file path for the 
new capture image. 
- [/Name: <Name>] - Sets the display name of the image. If 
no display name is specified, the display name of the source 
image will be used. 
- [/Description: <Description>] - Sets the description of the 
image. 
- [/Overwrite: (Yes 

Examples 


To create a capture image and name it WinPECapture.wim, type: 


wdsutil /New-CaptureImage /Image:WinPE boot image /Architecture:x86 /DestinationImage 
/FilePath:C:\Temp\WinPECapture.wim 


To create a capture image and apply the specified settings, type: 


wdsutil /Verbose /Progress /New-CaptureImage /Server:MyWDSServer /Image:WinPE boot image /Architecture: x64 
/Filename: boot .wim 


/DestinationImage /FilePath:\\Server\Share\WinPECapture.wim /Name:New WinPE image /Description:WinPE image 
with capture utility /Overwrite:No /UnattendFilePath: \\Server\Share\wDSCapture. inf 


Additional References 


e Command-Line Syntax Key 


new-Discoverlmage 
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Creates a new discover image from an existing boot image. Discover images are boot images that force the 
Setup.exe program to start in Windows Deployment Services mode and then discover a Windows Deployment 
Services server. Typically these images are used to deploy images to computers that are not capable of booting to 
PXE. For more information, see Creating Images (https://go.microsoft.com/fwlink/?Linkld=115311). 


Syntax 


wdsutil [Options] /New-DiscoverImage [/Server:<Server name>] 
/Image:<Image name> 
/Architecture:{x86 | ia64 | x64} 
[/Filename:<File name>] 
/DestinationImage 
/FilePath:<File path and name> 
[/Name:<Name> ] 
[/Description:<Description>] 
[/WDSServer:<Server name>] 
[/Overwrite:{Yes | No | Append}] 


Parameters 

PARAMETER DESCRIPTION 

[/Server:<Server name>] Specifies the name of the server. This can be either the 
NetBIOS name or the fully qualified domain name (FQDN). If 
no server name is specified, the local server will be used. 

/Image:< Image name> Specifies the name of the source boot image. 

/Architecture:(x86 ia64 

[/Filename:< File name>] If the image cannot be uniquely identified by name, you must 
use this option to specify the file name. 

/Destinationlmage Specifies the settings for the destination image. You can 


specify the settings using the following options: 

- /FilePath:< File path and name> - Sets full file path for the 
new image. 

- [/Name:<Name>] - Sets the display name of the image. If no 
display name is specified, the display name of the source 
image will be used. 

- [/Description: <Description>] - Sets the description of the 
image. 

- [/WDsSServer: <Server name>] - Specifies the name of the 
server that all clients who boot from the specified image 
should contact to download the install image. By default, all 
clients who boot this image will discover a valid Windows 
Deployment Services server. Using this option bypasses the 
discovery functionality and forces the booted client to contact 
the specified server. 

- [/Overwrite:(Yes 


Examples 


To create a discover image out of boot image, and name it WinPEDiscover.wim, type: 


wdsutil /New-DiscoverImage /Image:WinPE boot image /Architecture:x86 /DestinationImage 
/FilePath:C:\Temp\WinPEDiscover.wim 


To create a discover image out of boot image, and name it WinPEDiscover.wim with the specified settings, type: 


wdsutil /Verbose /Progress /New-DiscoverImage /Server:MyWDSServer 

/Image:WinPE boot image /Architecture:x64 /Filename:boot.wim /DestinationImage 
/FilePath: \\Server\Share\WinPEDiscover.wim 

/Name:New WinPE image /Description:WinPE image for WDS Client discovery /Overwrite:No 


Additional References 


e Command-Line Syntax Key 


wdsutil new-multicasttransmission 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 


Creates a new multicast transmission for an image. This command is equivalent to creating a transmission by 


using the Windows Deployment Services mmc snap-in (right-click the Multicast Transmissions node, and then 


click create Multicast Transmission). You should use this command when you have both the Deployment 


Server role service and the Transport Server role service installed (which is the default installation). If you have 


only the Transport Server role service installed, use wdsutilnew-Namespace command. 


Syntax 


for install images transmissions: 


wdsutil [Options] /New-MulticastTransmissiomedia:<Image name> 


[/Server:<Server name>] 
/FriendlyName:<Friendly name> 
[/Description:<Description>] 
/Transmissiontype: {AutoCast | ScheduledCast} 
[/time:<YYYY/MM/DD:hh:mm>] 
[/Clients:<Num of Clients>] 
imagetype:Install 
ImageGroup:<Image Group>] 
[/Filename:<File name>] 


for boot image transmissions (only supported for Windows Server 2008 R2): 


wdsutil [Options] /New-MulticastTransmissiomedia:<Image name> 


[/Server:<Server name>] 
/FriendlyName:<Friendly name> 
[/Description:<Description>] 
/Transmissiontype: {AutoCast | ScheduledCast} 
[/time:<YYYY/MM/DD:hh:mm>] 
[/Clients:<Num of Clients>] 
imagetype:Boot 
/Architecture:{x86 | ia64 | x64} 
[/Filename:<File name>] 


Parameters 


PARAMETER 


/image: 


[/Server:] 


/FriendlyName: 


DESCRIPTION 


Specifies the name of the image to be transmitted using 
multicasting. 


Specifies the name of the server. This can be the NetBIOS 
name or the fully qualified domain name (FQDN). If no server 
name is specified, the local server will be used. 


Specifies the friendly name of the transmission. 


PARAMETER DESCRIPTION 
[/Description:] Specifies the description of the transmission. 


/imagetype:(Boot|Install) Specifies the type of image to be transmitted using 
multicasting. Note Boot is only supported for Windows 
Server 2008 R2. 


/ImageGroup:] Specifies the image group that contains the image. If no 
image group name is specified and only one image group 
exists on the server, that image group is used. If more than 
one image group exists on the server, you must use this 
option to specify the image group name. 


[/Filename:] Specifies the file name. If the source image cannot be uniquely 
identified by name, you must use this option to specify the 
file name. 


/Transmissiontype:{AutoCast | ScheduledCast} Specifies whether to start the transmission automatically 
(AutoCast) or based on the specified start criteria 
(ScheduledCast). 


e Auto-Cast. This transmission type indicates that as 
soon as an applicable client requests an install image, 
a multicast transmission of the selected image begins. 
As other clients request the same image, they are 
joined to the transmission that is already started. 

e Scheduled-Cast. This transmission type sets the 
start criteria for the transmission based on the 
number of clients that are requesting an image and/or 
a specific day and time. You can specify the following 
options: 


o [/time: ] - Sets the time that the transmission 
should start by using the following format: 
YYYY/MM/DD:hh:mm. 

° [/Clients: ] - Sets the minimum number of 
clients to wait for before the transmission 
starts. 


/Architecture:{x86 | ia64 | x64} Specifies the architecture of the boot image to transmit using 
multicasting. Because it is possible to have the same name for 
boot images of different architectures, you should specify the 
architecture to ensure the correct image is used. 


[/Filename:] Specifies the file name. If the source image cannot be uniquely 
identified by name, you must specify the file name. 


Examples 


To create an Auto-Cast transmission of a boot image in Windows Server 2008 R2, type: 


wdsutil /New-MulticastTransmission /FriendlyName:WDS Boot Transmission 
/Image:X64 Boot imagetype:Boot /Architecture:x64 /Transmissiontype:AutoCast 


To create an Auto-Cast transmission of an install image, type: 


wdsutil /New-MulticastTransmission /FriendlyName:WDS AutoCast Transmission 
/Image:Vista with Officeimage imagetype:Install /Transmissiontype:AutoCast 


To create a Scheduled-Cast transmission of an install image, type: 


wdsutil /New-MulticastTransmission /FriendlyName:WDS SchedCast Transmission /Server:MyWDSServer Image:Vista 
with Office imagetype:Install 


/Transmissiontype:ScheduledCast /time:2006/11/20:17:0@ /Clients:100 


Additional References 


e Command-Line Syntax Key 

e wdsutil get-allmulticasttransmissions command 
e wdsutil get-multicasttransmission command 

e wdsutil remove-multicasttransmission command 


e wdsutil start-multicasttransmission command 


wdsutil new-namespace 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Creates and configures a new namespace. You should use this option when you have only the Transport Server 
role service installed. If you have both the Deployment Server role service and the Transport Server role service 
installed (which is the default), use wdsutilnew-MulticastTransmission command. Note that you must register the 
content provider before you use this option. 


Syntax 


wdsutil [Options] /New-Namespace [/Server:<Server name>] 
/FriendlyName:<Friendly name> 
[/Description:<Description>] 
/Namespace:<Namespace name> 
/ContentProvider:<Name> 
[/ConfigString:<Configuration string>] 
/Namespacetype: {AutoCast | ScheduledCast} 
[/time:<YYYY/MM/DD:hh:mm> ] 
[/Clients:<Number of clients>] 


Parameters 

PARAMETER DESCRIPTION 

[/Server:] Specifies the name of the server. This can be the NetBIOS 
name or the fully qualified domain name (FQDN). If no server 
name is specified, the local server is used. 

/FriendlyName: Specifies the friendly name of the namespace. 

[/Description:] Sets the description of the namespace. 

/Namespace: Specifies the name of the namespace. Note that this is not the 
friendly name, and it must be unique. 
- Deployment Server role service: The syntax for this 
option is /Namespace:WDS://. For example: 
WDS:ImageGroup1 /install.wim/1 
- Transport Server role service: This value should 
match the name given when the namespace was created 
on the server. 

/ContentProvider:] Specifies the name of the content provider that will provide 


content for the namespace. 


[/ConfigString:] Specifies the configuration string for the content provider. 


PARAMETER DESCRIPTION 


/Namespacetype: (AutoCast | ScheduledCast) Specifies the settings for the transmission. You specify the 
settings using the following options: 


- [/time: ] - Sets the time that the transmission should 
start by using the following format: 
YYYY/MM/DD:hh:mm. This option applies only to 
Scheduled-Cast transmissions. 

- [/Clients: ] - Sets the minimum number of clients to wait 
for before the transmission starts. This option applies 
only to Scheduled-Cast transmissions. 


Examples 
To create an Auto-Cast namespace, type: 


wdsutil /New-Namespace /FriendlyName:Custom AutoCast Namespace /Namespace:Custom Auto 1 
/ContentProvider:MyContentProvider /Namespacetype:AutoCast 


To create a Scheduled-Cast namespace, type: 


wdsutil /New-Namespace /Server:MyWDSServer /FriendlyName:Custom Scheduled Namespace /Namespace:Custom Auto 1 
/ContentProvider:MyContentProvider 
/Namespacetype:ScheduledCast /time:2006/11/20:17:00 /Clients:20 


Additional References 


e Command-Line Syntax Key 
e wdsutil get-allnamespaces command 
e wdsutil remove-namespace command 


e wdsutil start-namespace command 


wdsutil /progress 
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Displays progress while a command is running. You can use /progress with any other wdsutil commands that you 


run. If you want to turn on verbose logging for this command, you must specify /verbose and /progress directly 
after wdsutil. 


Syntax 


wdsutil /progress <commands> 


Examples 


To initialize the server and display progress, type: 


wdsutil /verbose /progress /Initialize-Server /Server:MyWDSServer /RemInst:C:\RemoteInstall 


Additional References 


e Command-Line Syntax Key 


wdsutil reject-autoadddevices 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Rejects computers that are pending administrative approval. When the Auto-add policy is enabled, administrative 
approval is required before unknown computers (those that are not prestaged) can install an image. You can 
enable this policy using the PXE Response tab of the server s properties page. 


Syntax 


wdsutil [Options] /Reject-AutoaddDevices [/Server:<Server name>] /RequestId:<Request ID or ALL> 


Parameters 
PARAMETER DESCRIPTION 
[/Server:] Specifies the name of the server. This can be either the 
NetBIOS name or the fully qualified domain name (FQDN). If 
no server name is specified, the local server will be used. 
/Requestld:< Request ID | ALL> Specifies the request ID assigned to the pending computer. To 
reject all pending computers, specify ALL. 
Examples 


To reject a single computer, type: 
wdsutil /Reject-AutoaddDevices /RequestId:12 
To reject all computers, type: 


wdsutil /verbose /Reject-AutoaddDevices /Server:MyWDSServer /RequestId:ALL 


Additional References 


e Command-Line Syntax Key 
e wdsutil approve-autoadddevices command 
e wdsutil delete-autoadddevices command 


e wdsutil get-autoadddevices command 


wdsutil remove 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Subcommands 
SUBOMMAND DESCRIPTION 
wdsutil remove-image command removes a boot or install image from the server. 
wdsutil remove-imagegroup command removes an image group from the server. 
wdsutil remove-multicasttransmission command Disables multicast transmission of an image. 
wdsutil remove-namespace command removes a namespace from the server. 
wdsutil remove-drivergrouppackage command removes a driver package from a driver group on a server. 
wdsutil remove-drivergrouppackages command removes driver packages from a driver group on a server. 
wdsutil remove-driverpackage command removes a driver package from a server. 
wdsutil remove-driverpackages command removes driver packages from a server. 
wdsutil remove-drivergroup command removes a driver group from a server. 


wdsutil remove-drivergroupfilter command removes a filter rule from a driver group on a server. 


remove-DriverGroup 
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Removes a driver group from a server. 


Syntax 


wdsutil /Remove-DriverGroup /DriverGroup:<Group Name> [/Server:<Server name>] 


Parameters 
PARAMETER DESCRIPTION 
/DriverGroup:<Group Name> Specifies the name of the driver group to remove. 
[/Server:<Server name>] Specifies the name of the server. This can be the NetBIOS 
name or the FQDN. If a server name is not specified, the local 
server is used. 
Examples 


To remove a driver group, type one of the following: 


wdsutil /Remove-DriverGroup /DriverGroup:PrinterDrivers 


wdsutil /Remove-DriverGroup /DriverGroup:PrinterDrivers /Server:MyWdsServer 


Additional References 


e Command-Line Syntax Key 


remove-DriverGroupFilter 
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Removes a filter rule from a driver group on a server. 


Syntax 


wdsutil /Remove-DriverGroupFilter /DriverGroup:<Group Name> [/Server:<Server name>] /FilterType:<Filter Type> 


Parameters 


PARAMETER DESCRIPTION 
/DriverGroup:< Group Name> Specifies the name of the driver group. 


[/Server:<Server name>] Specifies the name of the server. This can be the NetBIOS 
name or the FQDN. If a server name is not specified, the local 
server is used. 


[/FilterType: < FilterType>] Specifies the type of the filter to remove from the group. 
<FilterType> can be one of the following: 
BiosVendor 
BiosVersion 
ChassisType 
Manufacturer 
Uuid 
OsVersion 
OsEdition 
OsLanguage 


Examples 


To remove a filter, type one of the following: 


wdsutil /Remove-DriverGroupFilter /DriverGroup:PrinterDrivers /FilterType:Manufacturer 


wdsutil /Remove-DriverGroupFilter /DriverGroup:PrinterDrivers /FilterType:Manufacturer /FilterType:OSLanguage 


Additional References 


e Command-Line Syntax Key 


remove-DriverGroupPackage 
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Removes a driver package from a driver group on a server. 


Syntax 


wdsutil /Remove-DriverGroupPackage /DriverGroup:<Group Name> [/Server:<Server Name>] {/DriverPackage:<Name> | 
/PackageId:<ID>} 


Parameters 
PARAMETER DESCRIPTION 
[/Server:<Server name>] Specifies the name of the server. This can be the NetBIOS 
name or the FQDN. If a server name is not specified, the local 
server is used. 
[/DriverPackage:<Name>] Specifies the name of the driver package to remove. 
[/Packageld:<ID>] Specifies the Windows Deployment Services ID of the driver 
package to remove. You must specify this option if the driver 
package cannot be uniquely identified by name. 
Examples 


wdsutil /Remove-DriverGroupPackage /DriverGroup:PrinterDrivers /PackagelId: {4D36E972-E325-11CE-BFC1- 
08002BE10318) 


wdsutil /Remove-DriverGroupPackage /DriverGroup:PrinterDrivers /DriverPackage:XYZ 


Additional References 


e Command-Line Syntax Key 


wdsutil remove-drivergrouppackages 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Removes driver packages from a driver group on a server. 


Syntax 


wdsutil /remove-DriverGroupPackages /DriverGroup:<Group Name> [/Server:<Server Name>] /Filtertype:<Filter 
type> /Operator:{Equal | NotEqual | GreaterOrEqual | LessOrEqual | Contains} /Value:<Value> [/Value:<Value> 
l 


Parameters 
PARAMETER DESCRIPTION 
/DriverGroup: Specifies the name of the driver group. 
[/Server:] Specifies the name of the server. This can be the NetBIOS 


name or the FQDN. If a server name is not specified, the local 
server is used. 


PARAMETER 


/Filtertype: 


/Operator:(Equal | NotEqual | GreaterOrEqual | LessOrEqual | 
Contains) 


DESCRIPTION 


Specifies the attribute of the driver package to search for. You 
can specify multiple attributes in a single command. You must 
also specify /Operator and /Value with this option. 


can be one of the following: 
Packageld 
PackageName 
PackageEnabled 
Packagedateadded 
PackagelnfFilename 
PackageClass 
PackageProvider 
PackageArchitecture 
PackageLocale 
PackageSigned 
PackagedatePublished 
Packageversion 
Driverdescription 
DriverManufacturer 
DriverHardwareld 
Drivercompatibleld 
DriverExcludeld 
DriverGroupld 


DriverGroupName 


Specifies the relationship between the attribute and the 
values. You can only specify Contains with string attributes. 
You can only specify GreaterOrEqual and LessOrEqual with 
date and version attributes. 


PARAMETER 


/Nalue: 


Examples 


DESCRIPTION 


Specifies the value to search for the specified . You can specify 
multiple values for a single /Filtertype. The following list 
outlines the attributes that you can specify for each filter. For 
more information about these attributes, see Driver and 
Package attributes (https://go.microsoft.com/fwlink/? 
Linkld=166895). 


- Packageld - Specify a valid GUID. For example: 
(4d36e972-e325-11ce-bfc1-08002be10318). 

- PackageName Specify any string value. 

- PackageEnabled - Specify Yes or No. 

- Packagedateadded - Specify the date in the following 
format: YYYY/MM/DD 

- PackagelnfFilename Specify any string value. 

- PackageClass - Specify a valid class name or class GUID. 
For example: DiskDrive, Net, or {4d36e972-e325-11ce- 
bfc1-08002be10318). 

- PackageProvider Specify any string value. 

- PackageArchitecture - Specify x86, x64, or ia64. 

- PckageLocale - Specify a valid language identifier. For 
example: en-US or es-ES. 

- PackageSigned - Specify Yes or No. 

- PackagedatePublished - Specify the date in the following 
format: YYYY/MM/DD 

- Packageversion - Specify the version in the following 
format: a.b.xy. For example: 6.1.0.0 

- Driverdescription Specify any string value. 

- DriverManufacturer Specify any string value. 

- DriverHardwareld - Specify any string value. 

- Drivercompatibleld - Specify any string value. 

- DriverExcludeld - Specify any string value. 

- DriverGroupld - Specify a valid GUID. For example: 
(4d36e972-e325-11ce-bfc1-08002be10318). 

- DriverGroupName Specify any string value. 


To remove driver packages from a driver group, type one of the following: 


wdsutil /verbose /remove-DriverGroupPackages /DriverGroup:printerdrivers 


/Filtertype:DriverManufacturer /Operator:NotEqual /Value:Namei /Value:Name2 


wdsutil /verbose /remove-DriverGroupPackages /DriverGroup:DisplayDrivers 


/Filtertype:PackageArchitecture /Operator:Equal /Value:x86 
/Filtertype:Packagedateadded /Operator:LessOrEqual /Value:2008/01/01 


Additional References 


e Command-Line Syntax Key 


e wdsutil remove-drivergrouppackage command 


wdsutil remove-driverpackage 


11/2/2020 * 2 minutes to read * Edit Online 





Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Removes a driver package from a server. 


Syntax 


wdsutil /remove-DriverPackage [/Server:<Server name>] {/DriverPackage:<Package Name> | /PackageId:<ID>} 


Parameters 
PARAMETER DESCRIPTION 
[/Server:] Specifies the name of the server. This can be the NetBIOS 
name or the FQDN. If a server name is not specified, the local 
server is used. 
[/DriverPackage:] Specifies the name of the driver package to remove. 
[/Packageld:] Specifies the Windows Deployment Services ID of the driver 
package to remove. You must specify the ID if the driver 
package cannot be uniquely identified by name. 
Examples 


To view information about the images, type one of the following: 


wdsutil /remove-DriverPackage /Packageld: {4D36E972-E325-11CE-Bfc1-08002BE10318} 


wdsutil /remove-DriverPackage /Server:MyWdsServer /DriverPackage:MyDriverPackage 


Additional References 


e Command-Line Syntax Key 


e wdsutil remove-driverpackages command 


wdsutil remove-driverpackages 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Removes driver packages from the server. 


Syntax 


wdsutil /remove-DriverPackages [/Server:<Server name>] /Filtertype:<Filter type> /Operator:(Equal | NotEqual | 
GreaterOrEqual | LessOrEqual | Contains} /Value:<Value> [/Value:<Value> ...] 


Parameters 
PARAMETER DESCRIPTION 
[/Server:] Specifies the name of the server. This can be the NetBIOS 


name or the FQDN. If a server name is not specified, the local 
server is used. 


PARAMETER 


/Filtertype: 


/Operator:(Equal | NotEqual | GreaterOrEqual | LessOrEqual | 
Contains) 


DESCRIPTION 


Specifies the attribute of the driver package to search for. You 
can specify multiple attributes in a single command. You must 
also specify /Operator and /Value with this option. 


can be one of the following: 
Packageld 
PackageName 
PackageEnabled 
Packagedateadded 
PackagelnfFilename 
PackageClass 
PackageProvider 
PackageArchitecture 
PackageLocale 
PackageSigned 
PackagedatePublished 
Packageversion 
Driverdescription 
DriverManufacturer 
DriverHardwareld 
Drivercompatibleld 
DriverExcludeld 
DriverGroupld 


DriverGroupName 


Specifies the relationship between the attribute and the 
values. You can only specify Contains with string attributes. 
You can only specify GreaterOrEqual and LessOrEqual 
with date and version attributes. 


PARAMETER DESCRIPTION 


/Nalue: Specifies the value to search for the specified . You can specify 
multiple values for a single /Filtertype. The following list 
outlines the attributes that you can specify for each filter. For 
more information about these attributes, see Driver and 
Package attributes (https://go.microsoft.com/fwlink/? 
Linkld=166895). 


- Packageld - Specify a valid GUID. For example: 
{4d36e972-e325-11ce-bfc1-08002be103 18}. 

- PackageName Specify any string value. 

- PackageEnabled - Specify Yes or No. 

- Packagedateadded - Specify the date in the following 
format: YYYY/MM/DD 

- PackagelnfFilename Specify any string value. 

- PackageClass - Specify a valid class name or class GUID. 
For example: DiskDrive, Net, or {4d36e972-e325-1 1ce- 
bfc1-08002be103 18}. 

- PackageProvider Specify any string value. 

- PackageArchitecture - Specify x86, x64, or ia64. 

- PckageLocale - Specify a valid language identifier. For 
example: en-US or es-ES. 

- PackageSigned - Specify Yes or No. 

- PackagedatePublished - Specify the date in the following 
format: YYYY/MM/DD 

- Packageversion - Specify the version in the following 
format: a.b.x.y. For example: 6.1.0.0 

- Driverdescription Specify any string value. 

- DriverManufacturer Specify any string value. 

- DriverHardwareld - Specify any string value. 

- Drivercompatibleld - Specify any string value. 

- DriverExcludeld - Specify any string value. 

- DriverGroupld - Specify a valid GUID. For example: 
(4d36e972-e325-11ce-bfc1-08002be10318). 

- DriverGroupName Specify any string value. 


Examples 


To remove packages, type one of the following: 


wdsutil /verbose /remove-DriverPackages /Server:MyWdsServer 
/Filtertype:PackageProvider /Operator:Equal /Value:Name1l /Value:Name2 


wdsutil /remove-DriverPackages /Filtertype:PackageArchitecture /Operator: Equal 
/Value:x86 /Value:x64 /Filtertype:PackageEnabled /Operator:Equal /Value:No 


wdsutil /verbose /remove-DriverPackages /Server:MyWdsServer 
/Filtertype:Packagedateadded /Operator:LessOrEqual /Value: 2008/01/01 


Additional References 


e Command-Line Syntax Key 


e wdsutil remove-driverpackage command 


wdsutil remove-image 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Deletes an image from a server. 


Syntax 


for boot images: 


wdsutil [Options] /remove-Image:<Image name> [/Server:<Server name> type:Boot /Architecture:(x86 | ia64 | 
x64) [/Filename:<Filename>] 


for install images: 


wdsutil [Options] /remove-image:<Image name> [/Server:<Server name> type:Install ImageGroup:<Image group 
name>] [/Filename:<Filename>] 


Parameters 

PARAMETER DESCRIPTION 

/remove-image: Specifies the name of the image. 

[/Server:] Specifies the name of the server. This can be either the 
NetBIOS name or the fully qualified domain name (FQDN). If 
no server name is specified, the local server will be used. 

mediatype:{Boot | Install} Specifies the type of image. 

/Architecture:(x86 | ia64 | x64) Specifies the architecture of the image. Because it is possible 
to have the same image name for different boot images in 
different architectures, specifying the architecture value 
ensures that the correct image will be removed. 

VmageGroup:] Specifies the image group that contains the image. If no 
image group name is specified and only one image group 
exists on the server, that image group will be used. If more 
than one image group exists, you must use this option to 
specify the image group. 

[/Filename:] if the image cannot be uniquely identified by name, you must 
use this option to specify the file name. 

Examples 


To remove a boot image, type: 


wdsutil /remove-Imagmedia:WinPE Boot Imagemediatype:Boot /Architecture:x86 


wdsutil /verbose /remove-Image:WinPE Boot Image /Server:MyWDSServer type:Boot /Architecture:x64 
/Filename:boot.wim 


To remove an install image, type: 


wdsutil /remove-Image:Windows Vista with Officemediatype:Install 


wdsutil /verbose /remove-Image:Windows Vista with Office /Server:MyWDSServemediatype:Instal 
ImageGroup:ImageGroup1 /Filename:install.wim 


Additional References 


e Command-Line Syntax Key 

e wdsutil add-image command 

e wdsutil copy-image command 

e wdsutil export-image command 
e wdsutil get-image command 

e wdsutil replace-image command 


e wdsutil set-image command 


wdsutil remove-imagegroup 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Removes an image group from a server. 


Syntax 


wdsutil [Options] /remove-ImageGroup Group:<Image group name> [/Server:<Server name>] 


Parameters 
PARAMETER DESCRIPTION 
imagegroup: Specifies the name of the image group to be removed 
[/Server:] Specifies the name of the server. This can be either the 
NetBIOS name or the fully qualified domain name (FQDN). If 
no server name is specified, the local server will be used. 
Examples 


To remove the image group, type one of the following: 


wdsutil /remove-ImageGroumediaGroup: ImageGroup1 
wdsutil /verbose /remove-ImageGroumediaGroup:My Image Group /Server:MyWDSServer 


Additional References 


e Command-Line Syntax Key 

e wdsutil add-imagegroup command 

e wdsutil get-allimagegroups command 
e wdsutil get-imagegroup command 


e wdsutil set-imagegroup command 


wdsutil remove-multicasttransmission 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Disables multicast transmitting for an image. Unless you specify /force, existing clients will complete the image 
transfer but new clients will not be allowed to join. 


Syntax 


Windows Server 2008 


wdsutil /remove-MulticastTransmission:<Image name> [/Server:<Server name> mediatype:Install Group:<Image 
Group>] [/Filename:<File name>] [/force] 


Windows Server 2008 R2 for boot images: 


wdsutil [Options] /remove-MulticastTransmissiomedia:<Image name> 
\x20 [/Server:<Server name>] 

\x2@ mediatype:Boot 

Nx20 /Architecture:{x86 | ia64 | x64} 

\x20 [/Filename:<File name>] 


for install images: 


wdsutil [Options] /remove-MulticastTransmissiomedia:<Image name> 
[/Server:<Server name>] 
mediatype: Install 
mediaGroup:<Image Group 
[/Filename:<File name>] 


Parameters 

PARAMETER DESCRIPTION 

media: Specifies the name of the image. 

[/Server:] Specifies the name of the server. This can be the NetBIOS 
name or the fully qualified domain name (FQDN). If no server 
name is specified, the local server is used. 

mediatype:{Install|Boot} Specifies the image type. Note that this option must be set to 
Install for Windows Server 2008. 

/Architecture:{x86 | ia64 | x64} Specifies the architecture of the boot image that is associated 


with the transmission to start. Because it is possible to have 
the same image name for boot images in different 
architectures, you should specify the architecture to ensure 
that the correct transmission is used. 


PARAMETER 


YmediaGroup:] 


[/Filename:] 


[/force] 


Examples 


DESCRIPTION 


Specifies the image group that contains the image. If no 
image group name is specified and only one image group 
exists on the server, that image group is used. If more than 
one image group exists on the server, you must use this 
option to specify the image group name. 


Specifies the file name. If the source image cannot be uniquely 
identified by name, you must use this option to specify the 
file name. 


removes the transmission and terminates all clients. Unless 
you specify a value for the /force option, existing clients can 
complete the image transfer but new clients are not able to 
join. 


To stop a namespace (current clients will complete the transmission, but new clients will not be able to join), type: 


wdsutil /remove-MulticastTransmission:Vista with Office 
/Imagetype:Install 


wdsutil /remove-MulticastTransmission:x64 Boot Image 
/Imagetype:Boot /Architecture: x64 


To force termination of all clients, type: 


wdsutil /remove-MulticastTransmission /Server:MyWDSServer 
/Image:Vista with Officemediatype: InstalmediaGroup: ImageGroup1 


/Filename:install.wim /force 


Additional References 


e Command-Line Syntax Key 

e wdsutil get-allmulticasttransmissions command 
e wdsutil get-multicasttransmission command 

e wdsutil new-multicasttransmission command 


e wdsutil start-multicasttransmission command 


wdsutil remove-namespace 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Removes a custom namespace. 


Syntax 


wdsutil /remove-Namespace /Namespace:<Namespace name> [/Server:<Server name>] [/force] 


Parameters 


PARAMETER DESCRIPTION 


/Namespace: Specifies the name of the namespace. This is not the friendly 
name, and it must be unique. 


- Deployment Server role service: The syntax for 
namespace name is /Namespace:WDS;//. For example: 
WDS:ImageGroup1 /install.wim/1 

- Transport Server role service: This value must 
match the name given to the namespace when it was 
created on the server. 


[/Server:] Specifies the name of the server. This can be the NetBIOS 
name or the fully qualified domain name (FQDN). If no server 
name is specified, the local server is used. 


[/force] removes the namespace immediately and terminates all 
clients. Note that unless you specify /force, existing clients 
can complete the transfer, but new clients are not able to join. 


Examples 

To stop a namespace (current clients can complete the transfer but new clients are not able to join), type: 
wdsutil /remove-Namespace /Namespace:Custom Auto 1 

To force termination of all clients, type: 


wdsutil /remove-Namespace /Server:MyWDSServer /Namespace:Custom Auto 1 /force 


Additional References 


e Command-Line Syntax Key 
e wdsutil get-allnamespaces command 


e wdsutil new-namespace command 


e wdsutil start-namespace command 


wdsutil replace-image 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Replaces an existing image with a new version of that image. 


Syntax 


for boot images: 


wdsutil [Options] /replace-Imagmedia:<Image name> [/Server:<Server name>] 
mediatype:Boot 

/Architecture:{x86 | ia64 | x64} 

[/Filename:<File name>] 

/replacementImage 

mediaFile:<wim file path> 

[/Name:<Image name>] 
[/Description:<Image description>] 


for install images: 


wdsutil [Options] /replace-Imagmedia:<Image name> [/Server:<Server name>] 
mediatype: Install 
mediaGroup:<Image group name>] 
[/Filename:<File name>] 
/replacementImage 
mediaFile:<wim file path> 
[/SourceImage:<Source image name>] 
[/Name:<Image name>] 
[/Description:<Image description>] 


Parameters 

PARAMETER DESCRIPTION 

media: Specifies the name of the image to be replaced. 

[/Server:] Specifies the name of the server. This can be either the 
NetBIOS name or the fully qualified domain name (FQDN). If 
no server name is specified, the local server will be used. 

mediatype:{Boot | Install} Specifies the type of image to be replaced. 

/Architecture:(x86 | ia64 | x64) Specifies the architecture of the image to be replaced. 
Because it is possible to have the same image name for 
different boot images in different architectures, specifying the 
architecture ensures that the correct image is replaced. 

[/Filename:] if the image cannot be uniquely identified by name, you must 


use this option to specify the file name. 


PARAMETER DESCRIPTION 


/replacementImage Specifies the settings for the replacement image. You set 
these settings using the following options: 


- mediaFile: - Specifies the name and location (full path) 
of the new .wim file. 

- [/Sourcelmage: ] - Specifies the image to be used if the 
.wim file contains multiple images. This option applies 
only to install images. 

- [/Name:] Sets the display name of the image. 

- [/Description:] - Sets the description of the image. 


Examples 


To replace a boot image, type one of the following: 


wdsutil /replace-Imagmedia:WinPE Boot Imagemediatype:Boot /Architecture: x86 
/replacementImagmediaFile:C:\MyFolder\Boot.wim 

wdsutil /verbose /Progress /replace-Imagmedia:WinPE Boot Image /Server:MyWDSServemediatype: Boot 
/Architecture:x64 /Filename:boot.wim 

/replacementImagmediaFile: \\MyServer\Share\Boot.wim /Name:My WinPE Image /Description:WinPE Image with 
drivers 


To replace an install image, type one of the following: 


wdsutil /replace-Imagmedia:Windows Vista Homemediatype: Install 
/replacementImagmediaFile:C:\MyFolder\Install.wim 

wdsutil /verbose /Progress /replace-Imagmedia:Windows Vista Pro 

/Server :MyWDSServemediatype: InstalmediaGroup: ImageGroup1 

/Filename:Install.wim /replacementImagmediaFile:\\MyServer\Share \Install.wim /SourceImage:Windows Vista 
Ultimate /Name:Windows Vista Desktop /Description:Windows Vista Ultimate with standard business applications. 


Additional References 


e Command-Line Syntax Key 

e wdsutil add-image command 

e wdsutil copy-image command 

e wdsutil export-image command 
e wdsutil get-image command 

e wdsutil replace-image command 


e wdsutil set-image command 


Using the set command 


11/2/2020 * 2 minutes to read * Edit Online 





Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Sets properties and attributes for Windows Deployment Services servers, prestaged computers, images, image 
groups, and Transport Servers. 


Subcommands 

SUBCOMMAND DESCRIPTION 

Subcommand: set-Device changes the attributes of a prestaged computer. Å prestaged 
computer is a computer that has been linked to a computer 
account object in active directory Domain Servers (AD DS). 
Prestaged clients are also called known computers. 

Subcommand: set-Image changes the attributes of an existing image. 

Subcommand: set-ImageGroup changes the attributes of an existing image group. 

Subcommand: set-Server Configures the settings for a Windows Deployment Services 
server. 

Subcommand: set-TransportServer Configures the settings for a Transport Server. 

Subcommand: set-DriverPackage renames and/or enable/disable a driver package on a server. 

Subcommand: set-DriverGroup Sets the properties of an existing driver group on a server. 

Subcommand: set-DriverGroupFilter adds or removes an existing driver group filter from a driver 


group. 


wdsutil set-device 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Changes the attributes of a prestaged computer. Å prestaged computer is a computer that has been linked to a 
computer account object in active directory Domain Servers (AD DS). Prestaged clients are also called known 
computers. You can configure properties on the computer account to control the installation for the client. For 
example, you can configure the network boot program and the unattend file that the client should receive, as well 
as the server from which the client should download the network boot program. 


Syntax 


wdsutil [Options] /Set-Device /Device:<Device name> [/ID:<UUID | MAC address>] [/ReferralServer:<Server name>] 
[/BootProgram:<Relative path>] 

[/WdsClientUnattend:<Relative path>] [/User:<Domain\User | User@Domain>] [/JoinRights:{JoinOnly | Full}] 
[/JoinDomain:{Yes | No}] [/BootImagepath:<Relative path>] [/Domain:<Domain>] [/resetAccount] 


Parameters 


PARAMETER DESCRIPTION 
/Device: Specifies the name of the computer (SAM-Account-Name). 


[/ID:<UUID | MAC address>] Specifies either the GUID/UUID or the MAC address of the 
computer. This value must be in one of the following three 
formats: 

- Binary string: 
/ID:ACEFA3E81F20694E953EB2DAA1E8B1B6 

- GUID/UUID string: /ID:E8A3EFAC-201F-4E69-953E- 
B2DAA1E8B1B6 

- MAC address: 00B056882FDC (no dashes) or 00-BO- 
56-88-2F-DC (with dashes) 


[/ReferralServer:] Specifies the name of the server to be contacted to download 
the network boot program and boot image using Trivial File 
Transfer Protocol (tftp). 


[/BootProgram:] Specifies the relative path from the remotelnstall folder to the 
network boot program that the specified computer will 
receive. For example: boot\x86\pxeboot.com 


[/WdsClientUnattend:] Specifies the relative path from the remotelnstall folder to the 
unattend file that automates the installation screens for the 
Windows Deployment Services client. 


[/User:<Domain\User | User@Domain>] Sets permissions on the computer account object to give the 
specified user the necessary rights to join the computer to the 
domain. 


PARAMETER 


[/JoinRights:JoinOnly | Full] 


[/JoinDomain:(Yes | No]] 


[/BootImagepathi:] 
[/Domain:] 


[/resetAccount] 


Examples 


DESCRIPTION 


Specifies the type of rights to be assigned to the user. 


- JoinOnly requires the administrator to reset the 
computer account before the user can join the computer 
to the domain. 

- Full gives full access to the user, including the right to 
join the computer to the domain. 


Specifies whether or not the computer should be joined to the 
domain as this computer account during a Windows 
Deployment Services installation. The default setting is Yes. 


Specifies the relative path from the remotelnstall folder to the 
boot image that the computer will use. 


Specifies the domain to be searched for the prestaged 
computer. The default value is the local domain. 


resets the permissions on the specified computer so that 
anyone with the appropriate permissions can join the domain 
by using this account. 


To set the network boot program and referral server for a computer, type: 


wdsutil /Set-Device /Device:computer1 /ReferralServer :MyWDSServer 


/BootProgram: boot \x86\pxeboot.n12 


To set various settings for a computer, type: 


wdsutil /verbose /Set-Device /Device:computer2 /ID:ØØ-BØ-56-88-2F-DC 


/WdsClientUnattend:WDSClientUnattendlunattend.xml 


/User:Domain\user /JoinRights:JoinOnly /JoinDomain:No /BootImagepath: boot\x86\images\boot.wim 


/Domain:NorthAmerica /resetAccount 


Additional References 


e Command-Line Syntax Key 
e wdsutil add-device command 
e wdsutil get-alldevices command 


e wdsutil get-device command 


Subcommand: set-DriverGroup 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Sets the properties of an existing driver group on a server. 


Syntax 


wdsutil /Set-DriverGroup /DriverGroup:<Group Name> [/Server:<Server Name>] [/Name:<New Group Name>] [/Enabled: 
(Yes | No)] [/Applicability:(Matched | A11)] 


Parameters 

PARAMETER DESCRIPTION 

/DriverGroup: Specifies the name of the driver group. 

[/Server:] Specifies the name of the server. This can be the NetBIOS 
name or the FQDN. If a server name is not specified, the local 
server is used. 

[/Name:] Specifies the new name for the driver group. 

[/Enabled:{Yes | No} Enables or disables the driver group. 

[/Applicability:{Matched | All}] Specifies which packages to install if the filter criteria is met. 
Matched means install only the driver packages that match a 
client s hardware. All means install all packages to clients 
regardless of their hardware. 

Examples 


To set the properties for a driver group, type one of the following: 


wdsutil /Set-DriverGroup /DriverGroup:printerdrivers /Enabled:Yes 


wdsutil /Set-DriverGroup /DriverGroup:printerdrivers /Name:colorprinterdrivers /Applicability:All 


Additional References 


e Command-Line Syntax Key Subcommand: set-DriverGroupFilter 


Subcommand: set-DriverGroupFilter 
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Adds or removes an existing driver group filter from a driver group. 


Syntax 


wdsutil /Set-DriverGroupFilter /DriverGroup:<Group Name> [/Server:<Server name>] /FilterType:<Filter Type> 
[/Policy:{Include | Exclude}] [/AddValue:<Value> [/AddValue:<Value> ...]] [/RemoveValue:<Value> [/RemoveValue: 
<Value> ...]] 


Parameters 

PARAMETER DESCRIPTION 

/DriverGroup:< Group Name> Specifies the name of the driver group. 

[/Server:<Server name>] Specifies the name of the server. This can be the NetBIOS 
name or the FQDN. If a server name is not specified, the local 
server is used. 

/FilterType:<FilterType> Specifies the type of driver group filter to add or remove. You 


can specify multiple filters in a single command. For each 
/FilterType, you can add or remove multiple values using 
/RemoveValue and /AddValue. <FilterType> can be one of 
the following: 

BiosVendor 

BiosVersion 

ChassisType 

Manufacturer 

Uuid 

OsVersion 

OsEdition 

OsLanguage 


[/Policy:{Include Exclude}] 


PARAMETER DESCRIPTION 


[/AddValue:< Value>] Specifies the new client value to add to the filter. You can 
specify multiple values for a single filter type. See the following 
list for valid attribute values for ChassisType. For information 
about obtaining the values for all other filter types, see Driver 
Group Filters (https://go.microsoft.com/fwlink/? 
LinkID=155158). 

Other 
UnknownChassis 
Desktop 
LowProfileDesktop 
PizzaBox 

MiniTower 

Tower 

Portable 

Laptop 

Notebook 

Handheld 
DockingStation 
AlllnOne 
SubNotebook 
SpaceSaving 
LunchBox 
MainSystemChassis 
ExpansionChassis 
SubChassis 
BusExpansionChassis 
PeripheralChassis 
StorageChassis 
RackMountChassis 
SealedCaseComputer 
MultiSystemChassis 
CompactPci 
AdvancedTca 


[/RemoveValue: < Value>] Specifies the existing client value to remove from the filter as 
specified with /AddValue. 


Examples 
To remove a filter, type one of the following: 


wdsutil /Set-DriverGroupFilter /DriverGroup:PrinterDrivers /FilterType:Manufacturer /Policy: Include 
/AddValue:Name1 /RemoveValue:Name2 


wdsutil /Set-DriverGroupFilter /DriverGroup:PrinterDrivers /FilterType:Manufacturer /Policy:Include 
/RemoveValue:Name1 /FilterType:ChassisType /Policy:Exclude /AddValue:Tower /AddValue:MiniTower 


Additional References 


e Command-Line Syntax Key 


Subcommand: set-DriverPackage 
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Renames and/or enables or disables a driver package on a server. 


Syntax 


wdsutil /Set-DriverPackage [/Server:<Server name>] {/DriverPackage:<Name> | /PackageId:<ID>} [/Name:<New Name>] 
[/Enabled:{Yes | No} 


Parameters 
PARAMETER DESCRIPTION 
[/Server:<Server name>] Specifies the name of the server. This can be the NetBIOS 
name or the FQDN. If a server name is not specified, the local 
server is used. 
[/DriverPackage:<Name>] Specifies the current name of the driver package to modify. 
[/Packageld:<ID>] Specifies the Windows Deployment Services ID of the driver 
package. You must specify this option if the driver package 
cannot be uniquely identified by name. To find this ID for a 
package, click the driver group that the package is in (or the 
All Packages node), right-click the package, and then click 
Properties. The Package ID is listed on the General tab. For 
example: {DD098D20-1850-4FC8-8E35-EA24A1 BEFF5E}. 
[/Name:< New Name>] Specifies the new name for the driver package. 
[/Enabled:{Yes No} 
Examples 


To change settings about a package, type one of the following: 


wdsutil /Set-DriverPackage /PackageId: {4D36E972-E325-11CE-BFC1-08002BE10318} /Name:MyDriverPackage 


wdsutil /Set-DriverPackage /DriverPackage:MyDriverPackage /Name:NewName /Enabled:Yes 


Additional References 


e Command-Line Syntax Key 


wdsutil set-image 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Changes the attributes of an image. 


Syntax 


for boot images: 


wdsutil /Set-Imagmedia:<Image name> [/Server:<Server name>mediatype:Boot /Architecture:(x86 | ia64 | x64) 
[/Filename:<File name>] [/Name:<Name>] 
[/Description:<Description>] [/Enabled:{Yes | No}] 


for install images: 


wdsutil /Set-Imagmedia:<Image name> [/Server:<Server name>] 
mediatype:InstallmediaGroup:<Image group name>] 
[/Filename:<File name>] 
[/Name:<Name> ] 
[/Description:<Description>] 
[/UserFilter:<SDDL>] 
[/Enabled:(Yes | No)] 
[/UnattendFile:<Unattend file path>] 
[/OverwriteUnattend:(Yes | No)] 


Parameters 

PARAMETER DESCRIPTION 

media: Specifies the name of the image. 

[/Server:] Specifies the name of the server. This can be either the 
NetBIOS name or the fully qualified domain name (FQDN). If 
no server name is specified, the local server will be used. 

mediatype:{Boot | Install} Specifies the type of image. 

/Architecture:(x86 | ia64 | x64) Specifies the architecture of the image. Because you can have 
the same image name for different boot images in different 
architectures, specifying the architecture ensures that the 
correct image is modified. 

[/Filename:] if the image cannot be uniquely identified by name, you must 
use this option to specify the file name. 

[/Name] Specifies the name of the image. 


[/Description:] Sets the description of the image. 


PARAMETER DESCRIPTION 
[/Enabled:{Yes | No}] Enables or disables the image. 


YmediaGroup:] Specifies the image group that contains the image. If no 
image group name is specified and only one image group 
exists on the server, that image group will be used. If more 
than one image group exists on the server, you must use this 
option to specify the image group. 


[/UserFilter:] Sets the user filter on the image. The filter string must be in 
Security Descriptor Definition Language (SDDL) format. Note 
that, unlike the /Security option for image groups, this 
option only restricts who can see the image definition, and 
not the actual image file resources. To restrict access to the 
file resources, and therefore access to all images within an 
image group, you will need to set security for the image 
group itself. 


[/UnattendFile:] Sets the full path to the unattend file to be associated with 
the image. For example: 
D:\Files\Unattend\Ilmg1Unattend.xml 


[/OverwriteUnattend:{Yes | No}] You can specify /Overwrite to overwrite the unattend file if 
there is already an unattend file associated with the image. 
Note that the default setting is No. 


Examples 


To set values for a boot image, type one of the following: 


wdsutil /Set-Imagmedia:WinPE boot imagemediatype:Boot /Architecture:x86 /Description:New description 
wdsutil /verbose /Set-Imagmedia:WinPE boot image /Server:MyWDSServemediatype:Boot /Architecture: x86 
/Filename:boot.wim 

/Name:New Name /Description:New Description /Enabled:Yes 


To set values for an install image, type one of the following: 


wdsutil /Set-Imagmedia:Windows Vista with Officemediatype:Install /Description:New description 

wdsutil /verbose /Set-Imagmedia:Windows Vista with Office 

/Server :MywDSServemediatype: InstalmediaGroup: ImageGroup1 

/Filename:install.wim /Name:New name /Description:New description /UserFilter:0:BAG:DUD:AI(A;ID;FA;;;SY) 
(A; 1D; FA; ; ;BA)(A;ID;@x1200a9;;;AU) /Enabled:Yes /UnattendFile:\\server\share\unattend. xml 
/OverwriteUnattend: Yes 


Additional References 


e Command-Line Syntax Key 

e wdsutil add-image command 

e wdsutil copy-image command 

e wdsutil Export-image command 
e wdsutil get-image command 

e wdsutil remove-image command 


e wdsutil replace-image command 


wdsutil set-imagegroup 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Changes the attributes of an image group. 


Syntax 


wdsutil [Options] /set-imagegroup:<Image group name> [/Server:<Server name>] [/Name:<New image group name>] 
[/Security:<SDDL>] 


Parameters 

PARAMETER DESCRIPTION 

/set-imagegroup: Specifies the name of the image group. 

[/Server:] Specifies the name of the server. This can be either the 
NetBIOS name or the fully qualified domain name (FQDN). If 
not specified, the local server will be used. 

[/Name:] Specifies the new name of the image group. 

[/Security:] Specifies the new Security Descriptor of the image group, in 
security descriptor definition language (SDDL) format. 

Examples 


To set the name for an image group, type: 
wdsutil /Set-ImageGroup:ImageGroupi /Name:New Image Group Name 
To specify various settings for an image group, type: 


wdsutil /verbose /Set-ImageGroupGroup:ImageGroup1 /Server:MyWDSServer /Name:New Image Group Name 
/Security:0:BAG:S-1-5-21-2176941838-3499754553-4071289181-513 D:AI(A;ID;FA;;;SY)(A;OICIIOID;GA;;;SY) 
(A;ID;FA;;3;BA)(A;OICIIOID;GA;;;BA) (A;ID;Øx12ØØa9;;;AU)(A;OICIIOID;GXGR;;;AU) 


Additional References 


e Command-Line Syntax Key 

e wdsutil add-imagegroup command 

e wdsutil get-allimagegroups command 
e wdsutil get-imagegroup command 


e wdsutil remove-imagegroup command 


wdsutil set-server 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Configures the settings for a Windows Deployment Services server. 


Syntax 


wdsutil [Options] /Set-Server [/Server:<Server name>] 
[/Authorize:(Yes | No)] 
[/RogueDetection:{Yes | No}] 
[/AnswerClients:(All | Known | None}] 
[/Responsedelay:<time in seconds>] 
[/AllowN12forNewClients:{Yes | No}] 
[/ArchitectureDiscovery:{Yes | No}] 
[/resetBootProgram:{Yes | No}] 
[/DefaultX86X64Imagetype:(x86 | x64 | Both)] 
[/UseDhcpPorts:(Yes | No)] 
[/DhcpOption6e:{Yes | No}] 
[/RpcPort:<Port number>] 
[/PxepromptPolicy 
[/Known:{OptIn | Noprompt | Optout)] 
[/New: (OptIn | Noprompt | Optout)] 
[/BootProgram:<Relative path>] 
/Architecture:{x86 | ia64 | x64} 
[/N12BootProgram:<Relative path>] 
/Architecture:{x86 | ia64 | x64} 
[/BootImage:<Relative path>] 
/Architecture:{x86 | ia64 | x64} 
[/PreferredDC:<DC Name>] 
[/PreferredGC:<GC Name>] 
[/PrestageUsingMAC:{Yes | No}] 
[/NewMachineNamingPolicy:<Policy>] 
[/NewMachineOU] 
[/type:{Serverdomain | Userdomain | UserOU | Custom}] 
[/0U:<Domain name of OU>] 
[/DomainSearchOrder:{GCOnly | DCFirst}] 
[/NewMachineDomainJoin:{Yes | No}] 
[/OSCMenuName: <Name> ] 
[/WdsClientLogging] 
[/Enabled:{Yes | No}] 
[/LoggingLevel:{None | Errors | Warnings | Info}] 
[/WdsUnattend ] 
[/Policy:{Enabled | Disabled}] 
[/CommandlinePrecedence:{Yes | No}] 
[/File:<path>] 
/Architecture:{x86 | ia64 | x64} 
[/AutoaddPolicy] 
[/Policy:{AdminApproval | Disabled}] 
[/PollInterval:{time in seconds}] 
[/MaxRetry: {Retries}] 
[/Message:<Message> ] 
[/RetentionPeriod] 
[/Approved:<time in days>] 
[/Others:<time in days>] 
[/AutoaddSettings ] 
/Architecture:{x86 | ia64 | x64} 
[/BootProgram:<Relative path>] 


[/ReferralServer:<Server name> 
[/WdsClientUnattend:<Relative path>] 
[/BootImage:<Relative path>] 
[/User:<Owner> ] 
[/JoinRights:{JoinOnly | Full}] 
[/JoinDomain:{Yes | No}] 
[/BindPolicy] 
[/Policy:{Include | Exclude}] 
[/add] 
/address:<IP or MAC address> 
/addresstype:(IP | MAC) 
[/remove] 

/address:<IP or MAC address> 

/addresstype:{IP | MAC} 
[/RefreshPeriod:<time in seconds>] 
[/BannedGuidPolicy] 
[/add] 
/Guid:<GUID> 
[/remove ] 
/Guid:<GUID> 
[/BcdRefreshPolicy] 
[/Enabled:(Yes | No)] 
[/RefreshPeriod:<time in minutes>] 





[/Transport ] 
[/ObtainIpv4From:{Dhcp | Range}] 
[/start:<start IP address>] 
[/End:<End IP address>] 
[/ObtainIpv6From: Range] 
[/start:<start IP address>] 
[/End:<End IP address>] 
[/startPort:<start Port> 
[/EndPort:<start Port> 
[/Profile:{1@Mbps | 1@@Mbps | 1Gbps | Custom}] 
[/MulticastSessionPolicy] 





[/Policy:(None | AutoDisconnect | Multistream)] 
[/Threshold:<Speed in KBps>] 
[/StreamCount:{2 | 3}] 

[/Fallback:{Yes | No}] 


[/forceNative ] 
Parameters 

PARAMETER DESCRIPTION 

[/Server:] Specifies the name of the server. This can be either the 
NetBIOS name or the fully qualified domain name (FQDN). If 
no server name is specified, the local server will be used. 

[/Authorize:{Yes | No}] Specifies whether to authorize this server in Dynamic Host 
Control Protocol (DHCP). 

[/RogueDetection:{Yes | No}] Enables or disables DHCP rogue detection. 

[/AnswerClients:{All | Known | None}] Specifies which clients this server will answer. If you set this 
value to Known, a computer must be prestaged in active 
directory Domain Services (AD DS) before it will be answered 
by the Windows Deployment Services server. 

[/Responsedelay:] The amount of time that the server will wait before answering 


a booting client. This setting does not apply to prestaged 
computers. 


PARAMETER 


[/AllowN1 2forNewClients:{Yes | No}] 


[/ArchitectureDiscovery:(Yes | No)] 


[/resetBootProgram:{Yes | No}] 


[/DefaultX86X64Imagetype: {x86 | x64 | Both}] 


[/UseDhcpPorts:{Yes | No}] 


[/DhcpOption60:{Yes | No}] 


[/RpcPort:] 


[/PxepromptPolicy] 


[/BootProgram:] /Architecture:{x86 | ia64 | x64} 


DESCRIPTION 


for Windows Server 2008, specifies that unknown clients will 
not have to press the F12 key to initiate a network boot. 
Known clients will receive the boot program specified for the 
computer or, if not specified, the boot program specified for 
the architecture. 


for Windows Server 2008 R2, this option has been 
replaced with the following command: wdsutil /Set-Server 
/PxepromptPolicy /New:Noprompt 


Enables or disables architecture discovery. This facilitates the 
discovery of x64-based clients that do not broadcast their 
architecture correctly. 


Determines whether the boot path will be erased for a client 
that has just booted without requiring an F12 key press. 


Controls which boot images will be shown to x64-based 
clients. 


Specifies whether or not the PXE server should attempt to 
bind to the DHCP port, TCP port 67. If DHCP and Windows 
Deployment Services are running on the same computer, you 
should set this option to No to enable the DHCP server to 
utilize the port, and set the /DhcpOption60 parameter to 
Yes. The default setting for this value is Yes. 


Specifies whether DHCP option 60 should be configured for 
PXE support. If DHCP and Windows Deployment Services are 
running on the same server, set this option to Yes and set 
the /UseDhcpPorts option to No. The default setting for 
this value is No. 


Specifies the TCP port number to be used to service client 
requests. 


Configures how known (prestaged) and new clients initiate a 
PXE boot. This option only applies to Windows Server 2008 
R2. You set the settings using the following options: 

- [/Known:{OptIn|OptOut|Noprompt}] - Sets the policy for 
prestaged clients. 

- [/New:{OptIn|OptOut|Noprompt}] - Sets the policy for 
new clients. 


Optin means the client needs to press a key in order to 
PXE boot, otherwise it will fall back to the next boot 
device. 


Noprompt means the client will always PXE Boot. 


OptOut means the client will PXE boot unless the Esc key 
is pressed. 


Specifies the relative path to the boot program in the 
remotelnstall folder (for example, boot\x86\pxeboot.n12), 
and specifies the architecture of the boot program. 


PARAMETER 


[/N12BootProgram:] /Architecture:(x86 | ia64 | x64) 


[/Bootlmage:] /Architecture:{x86 | ia64 | x64} 


[/PreferredDC:] 


[/PreferredGC:] 


[/PrestageUsingMAC:{Yes | No}] 


[/NewMachineNamingPolicy:] 


[/NewMachineOU] 


[/DomainSearchOrder:{GCOnly | DCFirst}] 


[/NewMachineDomainJoin:{Yes | No}] 


DESCRIPTION 


Specifies the relative path to the boot program that does not 
require pressing the F12 key (for example, 
boot\x86\pxeboot.n12), and specifies the architecture of 
the boot program. 


Specifies the relative path to the boot image that booting 
clients should receive, and specifies the architecture of the 
boot image. You can specify this for each architecture. 


Specifies the name of the domain controller that Windows 
Deployment Services should use. This can be either the 
NetBIOS name or the FQDN. 


Specifies the name of the global catalog server that Windows 
Deployment Services should use. This can be either the 
NetBIOS name or the FQDN. 


Specifies whether Windows Deployment Services, when 
creating computer accounts in AD DS, should use the MAC 
address rather than the GUID/UUID to identify the computer. 


Specifies the format to use when generating computer names 
for clients. For information about the format to use for , right- 
click the server in the mmc snap-in, click Properties, and 
view the directory Services tab. For example, 
/NewMachineNamingPolicy: %61Username%#. 


Used to specify the location in AD DS where client computer 
accounts will be created. You specify the location using the 
following options. 


- [/type: Serverdomain | Userdomain | UserOU | Custom ] 
Specifies the type of location. Serverdomain creates 
accounts in the same domain as the Windows 
Deployment Services server. Userdomain creates 
accounts in the same domain as the user performing the 
installation. UserOU creates accounts in the 
organizational unit of the user performing the installation. 
Custom allows you to specify a custom location (you 
must also specify a value for /OU with this option). 

- [/OU]] - if you specify Custom for the /type option, 
this option specifies the organizational unit where 
computer accounts should be created. 


Specifies the policy for searching computer accounts in AD DS 
(global catalog or domain controller). 


Specifies whether or not a computer that is not already 
prestaged in AD DS should be joined to the domain during 
installation. The default setting is Yes. 


PARAMETER 


[/WdsClientLogging] 


[/WdsUnattend] 


DESCRIPTION 


Specifies the logging level for the server. 


- [/Enabled:{Yes | No}] - Enables or disables logging of 
Windows Deployment Services client actions. 

- [/LoggingLevel: {None | Errors | Warnings | Info} - Sets 
the logging level. None is equivalent to disabling logging. 
Errors is the lowest level of logging and indicates that 
only errors will be logged. Warnings includes both 
warnings and errors. Info is the highest level of logging 
and includes errors, warnings, and informational events. 


These settings control the unattended installation behavior of 
Windows Deployment Services client. You set the settings 
using the following options: 


- [/Policy:{Enabled | Disabled}] - Specifies whether or not 
unattended installation is used. 

- [/CommandlinePrecedence: {Yes | No}] - Specifies 
whether an Autounattend.xml file (if present on the client) 
or an unattended setup file that was passed directly to 
the Windows Deployment Services client with the 
/Unattend option will be used instead of an image 
unattend file during a client installation. The default 
setting is No. 

- [/File: /Architecture:{x86 | ia64 | x64}] - Specifies the file 
name, path, and architecture of the unattend file. 


PARAMETER 


[/AutoaddPolicy] 


DESCRIPTION 


These settings control the Auto-add policy. You define the 
settings using the following options: 


- [/Policy: (AdminApproval | Disabled)] - AdminApprove 
causes all unknown computers to be added to a pending 
queue, where the administrator can then review the list of 
computers and approve or reject each request, as 
appropriate. Disabled indicates that no additional action 
is taken when an unknown computer attempts to boots 
to the server. 

- [/Polllnterval:{time in seconds}] - Specifies the interval 
(in seconds) at which the network boot program should 
poll the Windows Deployment Services server. 

- [/MaxRetry: ] - Specifies the number of times the 
network boot program should poll the Windows 
Deployment Services server. This value, along with 
/Pollinterval, dictates how long the network boot 
program will wait for an administrator to approve or 
reject the computer before timing out. For example, a 
MaxRetry value of 10 and a Polllnterval viue of 60 
would indicate that the client should poll the server 10 
times, waiting 60 seconds between tries. Therefore, the 
client would time out after 10 minutes (10 x 60 seconds 
= 10 minutes). 

- [/Message: ] - Specifies the message that is displayed to 
the client on the network boot program dialog page. 

- [/RetentionPeriod] - Specifies the number of days a 
computer can be in a pending state before being 
automatically purged. 

- [/Approved: ] - Specifies the retention period for 
approved computers. You must use this parameter with 
the /RetentionPeriod option. 

- [/Others: ] - Specifies the retention period for 
unapproved computers (rejected or pending). You must 
use this parameter with the /RetentionPeriod option. 


PARAMETER 


[/AutoaddSettings] 


[/BindPolicy] 


[/RefreshPeriod: ] 


[/BannedGuidPolicy] 


DESCRIPTION 


Specifies the default settings to be applied to each computer. 
You define the settings using the following options: 


- /Architecture: {x86 | ia64 | x64} - Specifies the 
architecture. 

- [/BootProgram: ] - Specifies the boot program sent to 
the approved computer. If no boot program is specified, 
the default for the architecture of the computer (as 
specified on the server) will be used. 

- [/WdsClientUnattend: ] - Sets the relative path to the 
unattend file that the approved client should receive. 

- [/ReferralServer: ] - Specifies the Windows Deployment 
Services server that the client will use to download 
images. 

- [/Bootlmage: ] - Specifies the boot image that the 
approved client will receive. 

- [/User: <Domain\User | User@Domain>] - Sets 
permissions on the computer account object to give the 
specified user the necessary rights to join the computer 
to the domain. 

- DoinRights: JoinOnly | Full}] - Specifies the type of 
rights to be assigned to the user. JoinOnly requires the 
administrator to reset the computer account before the 
user can join the computer to the domain. Full gives full 
access to the user, including the right to join the 
computer to the domain. 

- [JoinDomain: {Yes | No}] - Specifies whether or not the 
computer should be joined to the domain as this 
computer account during a Windows Deployment 
Services installation. The default setting is Yes. 


Configures the network interfaces for the PXE provider to 
listen on. You define the policy using the following options: 


- [/Policy: {Include | Exclude}] - Sets the interface bind 
policy to include or exclude the addresses on the interface 
list. 

- [/add] - adds an interface to the list. You must also 
specify /addresstype and /address. 

- [/remove] - removes an interface from the list. You must 
also specify /addresstype and /address. 

- /address: - Specifies the IP or MAC address of the 
interface to add or remove. 

- /addresstype: {IP | MAC} - Indicates the type of address 
specified in the /address option. 


Specifies how often (in seconds) the server will refreshes its 
settings. 


Manages the list of banned GUIDs using the following 
options: 

- [/add] /Guid: - adds the specified GUID to the list of 
banned GUIDs. Any client with this GUID will be identified 
by its MAC address instead. 

- [/remove] /Guid: - removes the specified GUID from the 
list of banned GUIDs. 


PARAMETER 


[/BcdRefreshPolicy] 


[/Transport] 


DESCRIPTION 


Configures the settings for refreshing Bcd files using the 
following options: 


- [/Enabled:{Yes | No}] - Specifies the Bcd refreshing policy. 
When /Enabled is set to Yes, Bcd files are refreshed at 
the specified time interval. 

- [/RefreshPeriod:] - Specifies the time interval at which 
Bcd files are refreshed. 


Configures the following options: 


© [/Obtainlpv4From: {Dhcp | Range}] - Specifies the 
source of IPv4 addresses. 


o [/start: ] - Specifies the start of the IP address 
range. This option is required and valid only if 
/Obtainlpv4From is set to Range 

o [/End: ] - Specifies the end of the IP address 
range. This option is required and valid only if 
/Obtainlpv4From is set to Range. 

e [/Obtainlpv6From:Range] [/start:] [/End:] Specifies the 
source of IPv6 addresses. This option only applies to 
Windows Server 2008 R2 and the only supported 
value is Range. 

e [/startPort: ] - Specifies the start of the port range. 

e [/EndPort: ] - Specifies the end of the port range. 

e [/Profile: {10Mbps | 100Mbps | 1Gbps | Custom}] - 
Specifies the network profile to be used. This option is 
only supported forservers running Windows Server 
2008. 

e [/MulticastSessionPolicy] Configures the transfer 
settings for multicast transmissions. This command is 
only available for Windows Server 2008 R2. 


° [/Policy:{None | AutoDisconnect | Multistream}] 
- Determines how to handle slow clients. None 
means to keep all clients in one session at the 
same speed. AutoDisconnect means that any 
clients that drop below the specified /Threshold 
will be disconnected. Multistream means clients 
will be separated into multiple sessions as 
specified by /StreamCount. 

o [/Threshold:] - for /Policy:AutoDisconnect, this 
option sets the minimum transfer rate in KBps. 
Clients that drop below this rate will be 
disconnected from multicast transmissions. 

o [/StreamCount:{2 | 3}] [/Fallback:{Yes | No}] - for 
/Policy:Multistream, this option determines the 
number of sessions. 2 means two sessions (fast 
and slow) 3 means three sessions (slow, 
medium, fast). 

° [/Fallback:{Yes| No}] - Determines whether 
clients that are disconnected will continue the 
transfer using another method (if supported 
by the client). If you are using the WDS client, 
the computer will fallback to unicasting. 
Wdsmcast.exe does not support a fallback 
mechanism. This option also applies to clients 
that do not support Multistream. In that case, 
the computer will fall back to another method 
instead of moving to a slower transfer session. 


Examples 


To set the server to answer only known clients, with a response delay of 4 minutes, type: 
wdsutil /Set-Server /AnswerClients:Known /Responsedelay:4 
To set the boot program and architecture for the server, type: 
wdsutil /Set-Server /BootProgram:boot\x86\pxeboot.n12 /Architecture: x86 
To enable logging on the server, type: 
wdsutil /Set-Server /WdsClientLogging /Enabled:Yes /LoggingLevel:Warnings 
To enable unattend on the server, as well as the architecture and the client unattend file, type: 
wdsutil /Set-Server /WdsUnattend /Policy:Enabled /File:WDSClientUnattend \unattend.xml /Architecture: x86 
To set the Pre-Boot execution Environment (PXE) server to attempt to bind to TCP ports 67 and 60, type: 


wdsutil /Set-server /UseDhcpPorts:No /DhcpOption6@: Yes 


Additional References 


e Command-Line Syntax Key 

e wdsutil disable-server command 
e wdsutil enable-server command 
e wdsutil get-server command 

e wdsutil initialize-server command 
e wdsutil start-server command 

e wdsutil stop-server command 


e wdsutil uninitialize-server command 


wdsutil set-transportser ver 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Sets configuration settings for a Transport Server. 


Syntax 


wdsutil [Options] /Set-TransportServer [/Server:<Server name>] 
[/ObtainIpv4From:{Dhcp | Range}] 
[/start:<starting IP address>] 
[/End:<Ending IP address>] 
[/ObtainIpv6From: Range] \n\ 
[/start:<start IP address>]\n\ 
[/End:<End IP address>] 
[/startPort:<starting port> 
[/EndPort:<starting port> 
[/Profile:{1@Mbps | 1@@Mbps | 1Gbps | Custom}] 
[/MulticastSessionPolicy] 

[/Policy:(None | AutoDisconnect | Multistream)] 
[/Threshold:<Speed in KBps>] 
[/StreamCount:{2 | 3}] 

[/Fallback:{Yes | No}] 


Parameters 


PARAMETER DESCRIPTION 


[/Server:] Specifies the name of the Transport Server. This can be the 
NetBIOS name or the fully qualified domain name (FQDN). If 
no Transport Server name is specified, the local server is used. 


[/Obtainlpv4From:{Dhcp | Range}] Sets the source of the IPv4 addresses as follows: 


- [/start: ] Sets the start of the IP address range. This is 
required and valid only if this option is set to Range. 

- [/End: ] Sets the end of the IP address range. This is 
required and valid only if this option is set to Range. 

- [/startPort: ] Sets the start of the port range. 

- [/EndPort: ] Sets the end of the port range. 


[/Obtainlpv6From:Range] Specifies the source of IPv6 addresses. This option only 
applies to Windows Server 2008 R2 and the only supported 
value is Range. 


- [/start: ] Sets the start of the IP address range. This is 
required and valid only if this option is set to Range. 

- [/End: ] Sets the end of the IP address range. This is 
required and valid only if this option is set to Range. 

- [/startPort: ] Sets the start of the port range. 

- [/EndPort: ] Sets the end of the port range. 


PARAMETER DESCRIPTION 


[/Profile: (10Mbps | 100Mbps | 1Gbps | Custom}] Specifies the network profile to be used. This option is only 
available for servers running Windows Server 2008 or 
Windows Server 2003. 


[/MulticastSessionPolicy] Configures the transfer settings for multicast transmissions. 
This command is only available for Windows Server 2008 R2. 


- [/Policy:{None | AutoDisconnect | Multistream}] 
Determines how to handle slow clients. None means to 
keep all clients in one session at the same speed. 
AutoDisconnect means that any clients that drop below 
the specified /Threshold are disconnected. Multistream 
means clients will be separated into multiple sessions as 
specified by /StreamCount. 

- [/Threshold:] Sets the minimum transfer rate in KBps for 
/Policy:AutoDisconnect. Clients that drop below this 
rate are disconnected from multicast transmissions. 

- [/StreamCount:{2 | 3}] [/Fallback:{Yes | No}] Determines 
the number of sessions for /Policy:Multistream. 2 
means two sessions (fast and slow), and 3 means three 
sessions (slow, medium, fast). 

- [/Fallback:{Yes | No}] Determines whether clients tha are 
disconnected will continue the transfer by using another 
method (if supported by the client). If you are using the 
WDS client, the computer will fall back to unicasting. 
Wdsmcast.exe does not support a fallback mechanism. 
This option also applies to clients that do not support 
Multistream. In that case, the computer will fall back to 
another method instead of moving to a slower transfer 
session. 


Examples 


To set the IPv4 address range for the server, type: 


wdsutil /Set-TransportServer /ObtainIpv4From:Range /start:239.0.0.1 /End:239.0.0.100 


To set the IPv4 address range, port range, and profile for the server, type: 


wdsutil /Set-TransportServer /Server:MyWDSServer /ObtainIpv4From:Range /start:239.0.0.1 /End:239.0.0.100 
/startPort:12000 /EndPort:50000 /Profile:1@mbps 


Additional References 


e Command-Line Syntax Key 

e wdsutil disable-transportserver command 
e wdsutil enable-transportserver command 
e wdsutil get-transportserver command 

e wdsutil start-transportserver command 


e wdsutil stop-transportserver command 


wdsutil start-multicasttransmission 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Starts a Scheduled-Cast transmission of an image. 


Syntax 


Windows Server 2008 


wdsutil /start-MulticastTransmissiomedia:<Image name> [/Server:<Server namemediatype:InstallmediaGroup:<Image 
group name>] [/Filename:<File name>] 


Windows Server 2008 R2 for boot images: 


wdsutil [Options] /start-MulticastTransmissiomedia:<Image name> 
[/Server:<Server name>] 
mediatype: Boot 
/Architecture:{x86 | ia64 | x64} 
[/Filename:<File name>] 


for install images: 


wdsutil [Options] /start-MulticastTransmissiomedia:<Image name> 
[/Server:<Server name>] 
mediatype: Install 
mediaGroup:<Image Group>] 
[/Filename:<File name>] 


Parameters 

PARAMETER DESCRIPTION 

media: Specifies the name of the image. 

[/Server:] Specifies the name of the server. This can be either the 
NetBIOS name or the fully qualified domain name (FQDN). If 
no server name is specified, the local server will be used. 

mediatype:(Install|Boot) Specifies the image type. Note that this option must be set to 
Install for Windows Server 2008. 

/Architecture:{x86 | ia64 | x64} The architecture of the boot image that is associated with the 


transmission to start. Since it is possible to have the same 
image name for boot images in different architectures, you 
should specify the architecture to ensure that the correct 
transmission is used. 


PARAMETER DESCRIPTION 


ImediaGroup:] Specifies the image group of the image. If no image group 
name is specified and only one image group exists on the 
server, that image group will be used. If more than one image 
group exists on the server, you must use this option to 
specify the image group name. 


[/Filename:] Specifies the name of the file that contains the image. If the 
image cannot be uniquely identified by name, you must use 
this option to specify the file name. 


Examples 


To start a multicast transmission, type one of the following: 


wdsutil /start-MulticastTransmissiomedia:Vista with Office 

/Imagetype: Install 

wdsutil /start-MulticastTransmission /Server:MyWDSServemedia:Vista with 
Officemediatype:InstalmediaGroup:ImageGroup1 /Filename:install.wim 


To start a boot image multicast transmission for Windows Server 2008 R2, type: 


wdsutil /start-MulticastTransmission /Server:MyWDSServemedia:X64 Boot Imagemediatype:Boot /Architecture: x64 
/Filename:boot.wim\n\ 


Additional References 


e Command-Line Syntax Key 

e wdsutil get-allmulticasttransmissions command 
e wdsutil get-multicasttransmission command 

e wdsutil new-multicasttransmission command 


e wdsutil remove-multicasttransmission command 


wdsutil start-namespace 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Starts a Scheduled-Cast namespace. 


Syntax 


wdsutil /start-Namespace /Namespace:<Namespace name[/Server:<Server name>] 


Parameters 


PARAMETER DESCRIPTION 


/Namespace:< Namespace name Specifies the name of the namespace. Note that this is not the 
friendly name, and it must be unique. 


- Deployment Server: The syntax for namespace name 
is /Namspace:WDS://. For example: 

WDS:ImageGroup1 /install.wim/1 

- Transport Server: This name must match the name 
given to the namespace when it was created on the 
server. 


[/Server:] Specifies the name of the server. This can be either the 
NetBIOS name or the fully qualified domain name (FQDN). If 
no server name is specified, the local server will be used. 


Examples 
To start a namespace, type one of the following: 


wdsutil /start-Namespace /Namespace:Custom Auto 1 
wdsutil /start-Namespace /Server:MyWDSServer /Namespace:Custom Auto 1 


Additional References 


e Command-Line Syntax Key 
e wdsutil get-allnamespaces command 
e wdsutil new-namespace command 


e wdsutil remove-namespace command 


wdsutil start-server 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Starts all services for a Windows Deployment Services server. 


Syntax 


wdsutil [Options] /start-Server [/Server:<Server name>] 


Parameters 
PARAMETER DESCRIPTION 
[/Server:] Specifies the name of the server to be started. This can be 
either the NetBIOS name or the fully qualified domain name 
(FQDN). If no server name is specified, the local server will be 
used. 
Examples 


To start the server, type one of the following: 


wdsutil /start-Server 
wdsutil /verbose /start-Server /Server:MyWDSServer 


Additional References 


e Command-Line Syntax Key 

e wdsutil disable-server command 
e wdsutil enable-server command 
e wdsutil get-server command 

e wdsutil initialize-server command 
e wdsutil set-server command 

e wdsutil stop-server command 

e wdsutil start-server command 


e wdsutil uninitialize-server command 


wdsutil start-transportserver 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Starts all services for a Transport Server. 


Syntax 


wdsutil [Options] /start-TransportServer [/Server:<Server name>] 


Parameters 
PARAMETER DESCRIPTION 
[/Server:] Specifies the name of the Transport Server. This can be either 
the NetBIOS name or the fully qualified domain name 
(FQDN). If no server name is specified, the local server will be 
used. 
Examples 


To start the server, type one of the following: 


wdsutil /start-TransportServer 
wdsutil /verbose /start-TransportServer /Server:MyWDSServer 


Additional References 


e Command-Line Syntax Key 

e wdsutil disable-transportserver command 
e wdsutil enable-transportserver command 
e wdsutil get-transportserver command 

e wdsutil set-transportserver command 


e wdsutil stop-transportserver command 


wdsutil stop-server 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Stops all services on a Windows Deployment Services server. 


Syntax 


wdsutil [Options] /Stop-Server [/Server:<Server name>] 


Parameters 
PARAMETER DESCRIPTION 
[/Server:] Specifies the name of the server. This can be either the 
NetBIOS name or the fully qualified domain name (FQDN). If 
no server name is specified, the local server will be used. 
Examples 


To stop the services, type one of the following: 


wdsutil /Stop-Server 
wdsutil /verbose /Stop-Server /Server:MyWDSServer 


Additional References 


e Command-Line Syntax Key 

e wdsutil disable-server command 
e wdsutil enable-server command 
e wdsutil get-server command 

e wdsutil initialize-server command 
e wdsutil set-server command 

e wdsutil start-server command 


e wdsutil uninitialize-server command 


wdsutil stop-transportserver 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Stops all services on a Transport Server. 


Syntax 


wdsutil [Options] /Stop-TransportServer [/Server:<Server name>] 


Parameters 
PARAMETER DESCRIPTION 
[/Server:] Specifies the name of the Transport Server. This can be either 
the NetBIOS name or the fully qualified domain name 
(FQDN). If no Transport Server is specified, the local server will 
be used. 
Examples 


To stop the services, type one of the following: 


wdsutil /Stop-TransportServer 
wdsutil /verbose /Stop-TransportServer /Server:MyWDSServer 


Additional References 


e Command-Line Syntax Key 

e wdsutil disable-transportserver command 
e wdsutil enable-transportserver command 
e wdsutil get-transportserver command 

e wdsutil set-transportserver command 


e wdsutil start-transportserver command 


wdsutil uninitialize-server 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 


Server 2012 R2, Windows Server 2012 


Reverts changes made to the server during the initial server configuration. This includes changes made by either 
the /initialize-server option or the Windows Deployment Services mmc snap-in. Note that this command 
resets the server to an unconfigured state. This command does not modify the contents of the remotelnstall 
shared folder. Rather, it resets the server's state so that you can reinitialize the server. 


Syntax 


wdsutil [Options] /Uninitialize-Server [/Server:<Server name>] 


Parameters 


PARAMETER 


[/Server:] 


Examples 


DESCRIPTION 


Specifies the name of the server. This can be either the 
NetBIOS name or the fully qualified domain name (FQDN). If 
no server name is specified, the local server will be used. 


To reinitialize the server, type one of the following: 


wdsutil /Uninitialize-Server 
wdsutil /verbose /Uninitialize-Server /Server:MyWDSServer 


Additional References 


Command-Line Syntax Key 
wdsutil disable-server command 
wdsutil enable-server command 
wdsutil get-server command 
wdsutil initialize-server command 
wdsutil set-server command 
wdsutil start-server command 


wdsutil stop-server command 


Update-ServerFiles 
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Updates files in the REMINST shared folder by using the latest files that are stored in the server's 
%Windir%\System32\RemInst folder. To ensure the validity of your Windows Deployment Services installation, you 
should run this command once after each server upgrade, service pack installation, or update to Windows 
Deployment Services files. 


Syntax 


wdsutil [Options] /Update-ServerFiles [/Server:<Server name>] 


Parameters 
PARAMETER DESCRIPTION 
[/Server:<Server name>] Specifies the name of the server. This can be either the 
NetBIOS name or the fully qualified domain name (FQDN). If 
no server name is specified, the local server will be used. 
Examples 


To update the files, type one of the following: 


wdsutil /Update-ServerFiles 
wdsutil /Verbose /Progress /Update-ServerFiles /Server:MyWDSServer 


Additional References 


e Command-Line Syntax Key 


Using the verbose command 
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Displays verbose output for a specified command. You can use /verbose with any other wdsutil commands that 
you run. Note that you must specify /verbose and /progress directly after wdsutil. 


Syntax 


wdsutil /verbose <commands> 


Examples 


To delete approved computers from the Auto-Add database and show verbose output, type: 


wdsutil /Verbose /progress /Delete-AutoAddDevices /Server:MyWDSServer /DeviceType:ApprovedDevices 


wecutil 
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Enables you to create and manage subscriptions to events that are forwarded from remote computers. The remote 


computer must support the WS-Management protocol. 





IMPORTANT 


If you receive the message, “The RPC server is unavailable? when you try to run wecutil, you need to start the Windows 


Event Collector service (wecsvc). To start wecsvc, at an elevated command prompt type net start wecsvc . 





Syntax 


wecutil [{es | enum-subscription}] [{gs | get-subscription} <Subid> [/f:<Format>] [/uni:<Unicode>]] [{gr | 
get-subscriptionruntimestatus} <Subid> [<Eventsource> ..]] [{ss | set-subscription} [<Subid> [/e: 
[<Subenabled>]] [/esa:<Address>] [/ese:[<Srcenabled>]] [/aes] [/res] [/un:<Username>] [/up:<Password>] [/d: 
<Desc>] [/uri:<Uri>] [/cm:<Configmode>] [/ex:<Expires>] [/q:<Query>] [/dia:<Dialect>] [/tn:<Transportname>] 
[/tp:<Transportport>] [/dm:<Deliverymode>] [/dmi:<Deliverymax>] [/dmlt:<Deliverytime>] [/hi:<Heartbeat>] [/cf: 
<Content>] [/1:<Locale>] [/ree:[<Readexist>]] [/1lf:<Logfile>] [/pn:<Publishername>] [/essp:<Enableport>] [/hn: 
<Hostname>] [/ct:<Type>]] [/c:<Configfile> [/cun:<Username> /cup:<Password>]]] [{cs | create-subscription} 
<Configfile> [/cun:<Username> /cup:<Password>]] [{ds | delete-subscription} <Subid>] [{rs | retry- 
subscription} <Subid> [<Eventsource>..]] [{qc | quick-config} [/q:[<quiet>]]] 


Parameters 


PARAMETER 


{es | enum-subscription} 


{gs | get-subscription} <Subid> [/f:<Format>] [/uni: 


<Unicode>] 


{gr | get-subscriptionruntimestatus} <Subid> 
[<Eventsource> ..] 


DESCRIPTION 


Displays the names of all remote event subscriptions that 
exist. 


Displays remote subscription configuration information. 
<Subid> is a string that uniquely identifies a subscription. It's 
the same as the string that was specified in the 
<SubscriptionId> tag of the XML configuration file, which 
was used to create the subscription. 


Displays the runtime status of a subscription. <Subid> isa 
string that uniquely identifies a subscription. It's the same as 
the string that was specified in the <SubscriptionId> tag of 
the XML configuration file, which was used to create the 
subscription. <Eventsource> is a string that identifies a 
computer that serves as a source of events. It should be a 
fully qualified domain name, a NetBIOS name, or an IP 
address. 


PARAMETER 


{ss | set-subscription) <Subid> [/e:[<Subenabled>]] 
[/esa:<Address>] [/ese:[<Srcenabled>]] [/aes] [/res] 
[/un:<Username>] [/up:<Password>] [/d:<Desc>] [/uri: 
<Uri>] [/cm:<Configmode>] [/ex:<Expires>] [/q: 
<Query>] [/dia:<Dialect>] [/tn:<Transportname> ] 
[/tp:<Transportport>] [/dm:<Deliverymode>] [/dmi: 
<Deliverymax>] [/dmlt:<Deliverytime>] [/hi: 
<Heartbeat>] [/cf:<Content>] [/1:<Locale>] [/ree: 
[<Readexist>]] [/lf:<Logfile>] [/pn:<Publishername> ] 
[/essp:<Enableport>] [/hn:<Hostname>] [/ct:<Type>] 


OR 


{ss | set-subscription /c:<Configfile> [/cun: 
<Comusername> /cup:<Compassword> ] 


{cs | create-subscription} <Configfile> [/cun: 
<Username> /cup:<Password> ] 


{ds | delete-subscription} <Subid> 


{rs | retry-subscription) <Subid> [<Eventsource>..] 


{qc | quick-config) [/q:[<Quiet>]] 


Options 


OPTION 


/f: <Format> 


DESCRIPTION 


Changes the subscription configuration. You can specify the 
subscription ID and the appropriate options to change 
subscription parameters, or you can specify an XML 
configuration file to change subscription parameters. 


Creates a remote subscription. <Configfile> specifies the 
path to the XML file that contains the subscription 
configuration. The path can be absolute or relative to the 
current directory. 


Deletes a subscription and unsubscribes from all event sources 
that deliver events into the event log for the subscription. Any 
events already received and logged are not deleted. <Subid> 
is a string that uniquely identifies a subscription. It's the same 
as the string that was specified in the <SubscriptionId> tag 
of the XML configuration file, which was used to create the 
subscription. 


Retries to establish a connection and send a remote 
subscription request to an inactive subscription. Attempts to 
reactivate all event sources or specified event sources. 
Disabled sources are not retried. <Subid> is a string that 
uniquely identifies a subscription. It's the same as the string 
that was specified in the <SubscriptionId> tag of the XML 
configuration file, which was used to create the subscription. 

<Eventsource> is a string that identifies a computer that 
serves as a source of events. It should be a fully qualified 
domain name, a NetBIOS name, or an IP address. 


Configures the Windows Event Collector service to ensure a 

subscription can be created and sustained through reboots. 

This includes the following steps: 

1. Enable the ForwardedEvents channel if it is disabled. 

2. Set the Windows Event Collector service to delay start. 

3. Start the Windows Event Collector service if it is not 
running. 


DESCRIPTION 


Specifies the format of the information that is displayed. 

<Format> can be XML or Terse. If it's XML, the output is 
displayed in XML format. If it's Terse, the output is displayed 
in name-value pairs. The default is Terse. 


OPTION 


/c. <Configfile> 


/e:[ <Subenabled> |] 


/esa: <Address> 


/ese:[ <Srcenabled> ] 


/aes 


/res 


/un: <Username> 


/up: <Password> 


/d: <Desc> 


/uri: <Uri> 


/cm: <Configmode> 


DESCRIPTION 


Specifies the path to the XML file that contains a subscription 
configuration. The path can be absolute or relative to the 
current directory. This option can only be used with the /cun 
and /cup options and is mutually exclusive with all other 
options. 


Enables or disables a subscription. <Subenabled> can be true 
or false. The default value of this option is true. 


Specifies the address of an event source. <Address> isa 
string that contains a fully qualified domain name, a NetBIOS 
name, or an IP address, which identifies a computer that 
serves as a source of events. This option should be used with 
the /ese, /aes, /res, or /un and /up options. 


Enables or disables an event source. <Srcenabled> can be 


true or false. This option is allowed only if the /esa option is 
specified. The default value of this option is true. 


Adds the event source that is specified by the /esa option if it 
is not already a part of the subscription. If the address 
specified by the /esa option is already a part of the 
subscription, an error is reported. This option is only allowed if 
the /esa option is specified. 


Removes the event source that is specified by the /esa option 
if it is already a part of the subscription. If the address 
specified by the /esa option is not a part of the subscription, 
an error is reported. This option is only allowed if /esa option 
is specified. 


Specifies the user credential to use with the event source 
specified by the /esa option. This option is only allowed if the 
/esa option is specified. 


Specifies the password that corresponds to the user credential. 
This option is only allowed if the /un option is specified. 


Provides a description for the subscription. 


Specifies the type of the events that are consumed by the 
subscription. <Uri> contains a URI string that is combined 
with the address of the event source computer to uniquely 
identify the source of the events. The URI string is used for all 
event source addresses in the subscription. 


Sets the configuration mode. <Configmode> can be one of 
the following strings: Normal, Custom, MinLatency or 
MinBandwidth. The Normal, MinLatency, and 
MinBandwidth modes set delivery mode, delivery max 
items, heartbeat interval, and delivery max latency time. The 
/dm, /dmi, /hi or /dmlt options may only be specified if the 
configuration mode is set to Custom. 


OPTION 


/ex: <Expires> 


/q: <Query> 


/dia: <Dialect> 


/tn: <Transportname> 


/tp: <Transportport> 


/dm: <Deliverymode> 


/dmi: <Deliverymax> 


/dmlt: <Deliverytime> 


/hi: <Heartbeat> 


/cf: <Content> 


/l: <Locale> 


/ree:[ <Readexist> ] 


/\f: <Logfile> 


DESCRIPTION 


Sets the time when the subscription expires. <Expires> 
should be defined in standard XML or ISO8601 date-time 
format: yyyy-MM-ddThh:mm:ss[.sss][Z] , Where Tis the time 
separator and Z indicates UTC time. 


Specifies the query string for the subscription. The format of 
<Query> may be different for different URI values and applies 
to all sources in the subscription. 


Defines the dialect that the query string uses. 


Specifies the name of the transport that is used to connect to 
a remote event source. 


Sets the port number that is used by the transport when 
connecting to a remote event source. 


Specifies the delivery mode. <Deliverymode> can be either 
pull or push. This option is only valid if the /cm option is set 
to Custom. 


Sets the maximum number of items for batched delivery. This 
option is only valid if /cm is set to Custom. 


Sets the maximum latency in delivering a batch of events. 
<Deliverytime> is the number of milliseconds. This option is 
only valid if /cm is set to Custom. 


Defines the heartbeat interval. <Heartbeat> is the number 


of milliseconds. This option is only valid if /cm is set to 
Custom. 


Specifies the format of the events that are returned. 

<Content> can be Events or RenderedText. When the value is 
RenderedText, the events are returned with the localized 
strings (such as event description) attached to the event. The 
default value is RenderedText. 


Specifies the locale for delivery of the localized strings in 
RenderedText format. <Locale> is a language and 
country/region identifier, for example, EN-us. This option is 
only valid if the /cf option is set to RenderedText. 


Identifies the events that are delivered for the subscription. 

<Readexist> can true or false. When the <Readexist> is 
true, all existing events are read from the subscription event 
sources. When the <Readexist> is false, only future (arriving) 
events are delivered. The default value is true for a /ree 
option without a value. If no /ree option is specified, the 
default value is false. 


Specifies the local event log that is used to store events 
received from the event sources. 


OPTION 


/pn: <Publishername> 


/essp: <Enableport> 


/hn: <Hostname> 


/ct: <Type> 


/cun: <Comusername> 


/cup: <Compassword> 


/q:[ <Quiet> ] 


Examples 


To show the contents of a configuration file, type: 


DESCRIPTION 


Specifies the publisher name. It must be a publisher that owns 
or imports the log specified by the /If option. 


Specifies that the port number must be appended to the 
service principal name of the remote service. <Enableport> 
can be true or false. The port number is appended when 

<Enableport> is true. When the port number is appended, 
some configuration may be required to prevent the access to 
event sources from being denied. 


Specifies the DNS name of the local computer. This name is 
used by remote event source to push back events and must 
be used only for a push subscription. 


Sets the credential type for the remote source access. 

<Type> should be one of the following values: default, 
negotiate, digest, basic or localmachine. The default value 
is default. 


Sets the shared user credential to be used for event sources 
that do not have their own user credentials. If this option is 
specified with the /c option, UserName and UserPassword 
settings for individual event sources from the configuration file 
are ignored. If you want to use a different credential for a 
specific event source, you should override this value by 
specifying the /un and /up options for a specific event source 
on the command line of another ss command. 


Sets the user password for the shared user credential. When 

<Compassword> is set to * (asterisk), the password is read 
from the console. This option is only valid when the /cun 
option is specified. 


Specifies whether the configuration procedure prompts for 
confirmation. <Quiet> can be true or false. If <Quiet> is 
true, the configuration procedure does not prompt for 
confirmation. The default value of this option is false. 


«Subscription xmlns=https://schemas.microsoft.com/2006/03/windows/events/subscription> 
<Uri>https://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri> 
<!-- Use Normal (default), Custom, MinLatency, MinBandwidth --> 
<ConfigurationMode>Normal</ConfigurationMode> 
<Description>Forward Sample Subscription</Description> 
<SubscriptionId>SampleSubscription</SubscriptionId> 
<Query><! [CDATA[ 
<QueryList> 
<Query Path=Application> 
<Select>*</Select> 
</Query> 
</QueryList>]] 
</Query> 
<EventSources> 
<EventSource Enabled=true> 
<Address>mySource.myDomain. com</Address> 
<UserName>myUserName</UserName> 
<Password>*</Password> 
</EventSource> 
</EventSources> 
<CredentialsType>Default</CredentialsType> 
<Locale Language=EN-US></Locale> 
</Subscription> 


To view the output configuration information for a subscription named sub1, type: 


wecutil gs sub1 


Example output: 


EventSource[@]: 

Address: localhost 

Enabled: true 

Description: Subscription 1 
Uri: wsman:microsoft/logrecord/sel 
DeliveryMode: pull 
DeliveryMaxSize: 16000 
DeliveryMaxItems: 15 
DeliveryMaxLatencyTime: 1000 
HeartbeatInterval: 10000 
Locale: 

ContentFormat: renderedtext 
LogFile: HardwareEvents 


To display the runtime status of a subscription named sub1, type: 


wecutil gr sub1 


To update the subscription configuration named sub7 from a new XML file called WsSe/Rg2.xml, type: 


wecutil ss sub1 /c:%Windir%system32WsSelRg2. xml 


To update the subscription configuration named sub2 with multiple parameters, type: 


wecutil ss sub2 /esa:myComputer /ese /un:uname /up:* /cm:Normal 


To delete a subscription named sub1, type: 


wecutil ds sub1 


Additional References 


e Command-Line Syntax Key 


wevtutil 
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Enables you to retrieve information about event logs and publishers. You can also use this command to install and 


uninstall event manifests, to run queries, and to export, archive, and clear logs. 


Syntax 


wevtutil [fel | enum-logs)] [(gl | get-log) <Logname> [/f:<Format>]] 
[{sl | set-log} <Logname> [/e:<Enabled>] [/i:<Isolation>] [/lfn:<Logpath>] [/rt:<Retention>] [/ab:<Auto>] 
[/ms:<MaxSize>] [/1:<Level>] [/k:<Keywords>] [/ca:<Channel>] [/c:<Config>]] 


[fep | enum-publishers)] 


[fgp | get-publisher) <Publishername> [/ge:<Metadata>] [/gm:<Message>] [/f:<Format>]] [{im | install-manifest} 


<Manifest>] 


[fum | uninstall-manifest) <Manifest>] [{qe | query-events) <Path> [/lf:<Logfile>] [/sq:<Structquery>] [/q: 
<Query>] [/bm:<Bookmark>] [/sbm:<Savebm>] [/rd:<Direction>] [/f:<Format>] [/1:<Locale>] [/c:<Count>] [/e: 


<Element>]] 
[fgli | get-loginfo) <Logname> [/1f:<Logfile>]] 


[{epl | export-log} <Path> <Exportfile> [/1f:<Logfile>] [/sq:<Structquery>] [/q:<Query>] [/ow:<Overwrite>]] 


{{al | archive-log} <Logpath> [/1:<Locale>]] 


[{cl | clear-log} <Logname> [/bu:<Backup>]] [/r:<Remote>] [/u:<Username>] [/p:<Password>] [/a:<Auth>] [/uni: 


<Unicode>] 


Parameters 


PARAMETER 


{el | enum-logs} 


{gl | get-log} <Logname> [/f:<Format>] 


{sl | set-log} <Logname> [/e:<Enabled>] [/i:<Isolation>] [/Ifn: 
<Logpath>] [/rt:<Retention>] [/ab:<Auto>] [/ms:<MaxSize>] 
[/l:<Level>] [/k:<Keywords>] [/ca:<Channel>] [/c<Config>] 


{ep | enum-publishers} 


{gp | get-publisher} <Publishername> [/ge:<Metadata>] [/gm: 


<Message>] [/f:<Format>]] 


{im | install-manifest} <Manifest> 


{um | uninstall-manifest} <Manifest> 


DESCRIPTION 


Displays the names of all logs. 


Displays configuration information for the specified log, which 
includes whether the log is enabled or not, the current 
maximum size limit of the log, and the path to the file where 
the log is stored. 


Modifies the configuration of the specified log. 


Displays the event publishers on the local computer. 


Displays the configuration information for the specified event 
publisher. 


Installs event publishers and logs from a manifest. For more 
information about event manifests and using this parameter, 
see the Windows Event Log SDK at the Microsoft Developers 
Network (MSDN) Web site (https://msdn.microsoft.com). 


Uninstalls all publishers and logs from a manifest. For more 
information about event manifests and using this parameter, 
see the Windows Event Log SDK at the Microsoft Developers 
Network (MSDN) Web site (https://msdn.microsoft.com). 


PARAMETER 


{qe | query-events} <Path> [/If:<Logfile>] [/sq:<Structquery>] 
[/q:<Query>] [/bm:<Bookmark>] [/sbm:<Savebm>] [/rd: 
<Direction>] [/f:<Format>] [/l:<Locale>] [/c<Count>] [/e: 
<Element>] 


{gli | get-loginfo} <Logname> [/If:<Logfile>] 


{epl | export-log} <Path> <Exportfile> [/lf:<Logfile>] [/sq: 
<Structquery>] [/q:<Query>] [/ow:<Overwrite>] 


{al | archive-log) <Logpath> [/l:<Locale>] 


{cl | clear-log} <Logname> [/bu:<Backup>] 


Options 


/f:<Format> 


/e:<Enabled> 


/i:<Isolation> 


/Ifn:<Logpath> 


DESCRIPTION 


Reads events from an event log, from a log file, or using a 
structured query. By default, you provide a log name for 
<Path>. However, if you use the /If option, then <Path> must 
be a path to a log file. If you use the /sq parameter, <Path> 
must be a path to a file that contains a structured query. 


Displays status information about an event log or log file. If 
the /If option is used, <Logname> is a path to a log file. You 
can run wevtutil el to obtain a list of log names. 


Exports events from an event log, from a log file, or using a 
structured query to the specified file. By default, you provide a 
log name for <Path>. However, if you use the /If option, then 
<Path> must be a path to a log file. If you use the /sq option, 
<Path> must be a path to a file that contains a structured 
query. <Exportfile> is a path to the file where the exported 
events will be stored. 


Archives the specified log file in a self-contained format. A 
subdirectory with the name of the locale is created and all 
locale-specific information is saved in that subdirectory. After 
the directory and log file are created by running wevtutil al, 
events in the file can be read whether the publisher is installed 
or not. 


Clears events from the specified event log. The /bu option can 
be used to back up the cleared events. 


DESCRIPTION 


Specifies that the output should be either XML or text format. 
If <Format> is XML, the output is displayed in XML format. If 
<Format> is Text, the output is displayed without XML tags. 
The default is Text. 


Enables or disables a log. <Enabled> can be true or false. 


Sets the log isolation mode. <Isolation> can be system, 
application or custom. The isolation mode of a log determines 
whether a log shares a session with other logs in the same 
isolation class. If you specify system isolation, the target log 
will share at least write permissions with the System log. If you 
specify application isolation, the target log will share at least 
write permissions with the Application log. If you specify 
custom isolation, you must also provide a security descriptor 
by using the /ca option. 


Defines the log file name. <Logpath> is a full path to the file 
where the Event Log service stores events for this log. 


OPTION 


/rt:<Retention> 


/ab:<Auto> 


/ms:< MaxSize> 


/\:<Level> 


/k:<Keywords> 


/ca:<Channel> 


/c:<Config> 


/ge:<Metadata> 


/gm:<Message> 


/lf:< Logfile> 


/sq:<Structquery> 


DESCRIPTION 


Sets the log retention mode. <Retention> can be true or false. 
The log retention mode determines the behavior of the Event 
Log service when a log reaches its maximum size. If an event 
log reaches its maximum size and the log retention mode is 
true, existing events are retained and incoming events are 
discarded. If the log retention mode is false, incoming events 
overwrite the oldest events in the log. 


Specifies the log auto-backup policy. <Auto> can be true or 
false. If this value is true, the log will be backed up 
automatically when it reaches the maximum size. If this value 
is true, the retention (specified with the /rt option) must also 
be set to true. 


Sets the maximum size of the log in bytes. The minimum log 
size is 1048576 bytes (1024KB) and log files are always 
multiples of 64KB, so the value you enter will be rounded off 
accordingly. 


Defines the level filter of the log. <Level> can be any valid 
level value. This option is only applicable to logs with a 
dedicated session. You can remove a level filter by setting to 0. 


Specifies the keywords filter of the log. <Keywords> can be 
any valid 64 bit keyword mask. This option is only applicable 
to logs with a dedicated session. 


Sets the access permission for an event log. <Channel> is a 
security descriptor that uses the Security Descriptor Definition 
Language (SDDL). For more information about SDDL format, 
see the Microsoft Developers Network (MSDN) Web site 
(https://msdn.microsoft.com). 


Specifies the path to a configuration file. This option will cause 
log properties to be read from the configuration file defined in 
<Config>. If you use this option, you must not specify a 
parameter. The log name will be read from the configuration 
file. 


Gets metadata information for events that can be raised by 
this publisher. <Metadata> can be true or false. 


Displays the actual message instead of the numeric message 
ID. <Message> can be true or false. 


Specifies that the events should be read from a log or from a 
log file. <Logfile> can be true or false. If true, the parameter 
to the command is the path to a log file. 


Specifies that events should be obtained with a structured 
query. <Structquery> can be true or false. If true, is the path 
to a file that contains a structured query. 


OPTION 


/q:<Query> 


/bm:<Bookmark> 


/sbm: < Savebm> 


/rd:<Direction> 


/l:<Locale> 


/c.<Count> 


/e:<Element> 


/ow:<Overwrite> 


/bu:<Backup> 


/r:<Remote> 


/u:< Username> 


/p:<Password> 


/a:<Auth> 


/uni:<Unicode> 


DESCRIPTION 


Defines the XPath query to filter the events that are read or 
exported. If this option is not specified, all events will be 
returned or exported. This option is not available when /sq is 
true. 


Specifies the path to a file that contains a bookmark from a 
previous query. 


Specifies the path to a file that is used to save a bookmark of 
this query. The file name extension should be .xml. 


Specifies the direction in which events are read. <Direction> 
can be true or false. If true, the most recent events are 
returned first. 


Defines a locale string that is used to print event text in a 
specific locale. Only available when printing events in text 
format using the /f option. 


Sets the maximum number of events to read. 


Includes a root element when displaying events in XML. 
<Element> is the string that you want within the root 
element. For example, /e:root would result in XML that 
contains the root element pair <root>. 


Specifies that the export file should be overwritten. 
<Overwrite> can be true or false. If true, and the export file 
specified in already exists, it will be overwritten without 
confirmation. 


Specifies the path to a file where the cleared events will be 
stored. Include the .evtx extension in the name of the backup 
file. 


Runs the command on a remote computer. <Remote> is the 
name of the remote computer. The im and um parameters do 
not support remote operation. 


Specifies a different user to log on to a remote computer. 
<Username> is a user name in the form domain\user or user. 
This option is only applicable when the /r option is specified. 


Specifies the password for the user. If the /u option is used 
and this option is not specified or <Password> is , the user will 
be prompted to enter a password. This option is only 
applicable when the **/u* option is specified. 


Defines the authentication type for connecting to a remote 
computer. <Auth> can be Default, Negotiate, Kerberos or 
NTLM. The default is Negotiate. 


Displays the output in Unicode. <Unicode> can be true or 
false. If is true then the output is in Unicode. 


Remarks 


e Using a configuration file with the sl parameter 


The configuration file is an XML file with the same format as the output of wevtutil gl <Logname> /f:xml. To 
shows the format of a configuration file that enables retention, enables autobackup, and sets the maximum 


log size on the Application log: 


<?xml version=1.0 encoding=UTF-8?> 

<channel name=Application isolation=Application 
xmlns=https://schemas.microsoft.com/win/2004/08/events> 
<logging> 

<retention>true</retention> 
<autoBackup>true</autoBackup> 
<maxSize>9000000</maxSize> 

</logging> 

<publishing> 

</publishing> 

</channel> 


Examples 


List the names of all logs: 
wevtutil el 

Display configuration information about the System log on the local computer in XML format: 
wevtutil gl System /f:xml 

Use a configuration file to set event log attributes (see Remarks for an example of a configuration file): 
wevtutil sl /c:config.xml 


Display information about the Microsoft-Windows-Eventlog event publisher, including metadata about the events 
that the publisher can raise: 


wevtutil gp Microsoft-Windows-Eventlog /ge:true 
Install publishers and logs from the myManifestxml manifest file: 
wevtutil im myManifest. xml 
Uninstall publishers and logs from the myManifest.xml manifest file: 
wevtutil um myManifest. xml 
Display the three most recent events from the Application log in textual format: 


wevtutil ge Application /c:3 /rd:true /f:text 


Display the status of the Application log: 


wevtutil gli Application 


Export events from System log to CXbackupYsystem0506.evtx: 


wevtutil epl System C:\backup\system@506.evtx 


Clear all of the events from the Application log after saving them to C:\admin\backups\a10306.evtx: 


wevtutil cl Application /bu:C:\admin\backups\a10306.evtx 


Additional References 


e Command-Line Syntax Key 


where 
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Displays the location of files that match the given search pattern. 


Syntax 


where [/r <Dir>] [/q] [/] [/t] [$<ENV>:|<Path>:]<Pattern>[ ...] 


Parameters 

PARAMETER DESCRIPTION 

/t <Dir> Indicates a recursive search, starting with the specified 
directory. 

/q Returns an exit code (0 for success, 1 for failure) without 
displaying the list of matched files. 

/f Displays the results of the where command in quotation 
marks. 

/t Displays the file size and the last modified date and time of 
each matched file. 

[$<ENV>:|<Path>:]<Pattern>|[ ...] Specifies the search pattern for the files to match. At least one 
pattern is required, and the pattern can include wildcard 
characters (* and ?). By default, where searches the current 
directory and the paths that are specified in the PATH 
environment variable. You can specify a different path to 
search by using the format $ ENV Pattern (where ENV is an 
existing environment variable containing one or more paths) 
or by using the format Path: Pattern (where Path is the 
directory path you want to search). These optional formats 
should not be used with the /r command-line option. 

P Displays help at the command prompt. 

Remarks 


e If you do not specify a file name extension, the extensions listed in the PATHEXT environment variable are 
appended to the pattern by default. 


e Where can run recursive searches, display file information such as date or size, and accept environment 
variables in place of paths on local computers. 


Examples 


To find all files named Test in drive C of the current computer and its subdirectories, type: 


where /r c:N test 


To list all files in the Public directory, type: 
where $public:*.* 

To find all files named Notepad in drive C of the remote computer, Computer1, and its subdirectories, type: 
where /r \\computer1\c notepad.* 


Additional References 


e Command-Line Syntax Key 


whoami 
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Displays user, group and privileges information for the user who is currently logged on to the local system. If used 
without parameters, whoami displays the current domain and user name. 


Syntax 


whoami [/upn | /fqdn | /logonid] 
whoami {[/user] [/groups] [/priv]} [/fo <Format>] [/nh] 
whoami /all [/fo <Format>] [/nh] 


Parameters 

PARAMETER DESCRIPTION 

/upn Displays the user name in user principal name (UPN) format. 

/fqdn Displays the user name in fully qualified domain name (FQDN) 
format. 

/logonid Displays the logon ID of the current user. 

/user Displays the current domain and user name and the security 
identifier (SID). 

/groups Displays the user groups to which the current user belongs. 

/priv Displays the security privileges of the current user. 


/fo <Format> 


Specifies the output format. Valid values include: 

table Displays output in a table. This is the default value. 

list Displays output in a list. 

csv Displays output in comma-separated value (CSV) format. 


/all Displays all information in the current access token, including 
the current user name, security identifiers (SID), privileges, and 
groups that the current user belongs to. 

/nh Specifies that the column header should not be displayed in 
the output. This is valid only for table and CSV formats. 

/ Displays help at the command prompt. 

Examples 


To display the domain and user name of the person who is currently logged on to this computer, type: 


whoami 


Output similar to the following appears: 
DOMAIN1\administrator 

To display all of the information in the current access token, type: 
whoami /all 


Additional References 


e Command-Line Syntax Key 


winnt 
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Winnt is deprecated, and is not guaranteed to be supported in future releases of Windows. 


This tool is included in Windows Server 2003. For more information, see Winnt. 


winnt32 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Performs an installation of or upgrade to a product in Windows Server 2003. You can run winnt32 at the 
command prompt on a computer running Windows 95, Windows 98, Windows Millennium edition, Windows NT, 
Windows 2000, Windows XP or a product in the Windows Server 2003. If you run winnt32 on a computer 
running Windows NT version 4.0, you must first apply Service Pack 5 or later. 


Syntax 


winnt32 [/checkupgradeonly] [/cmd: <CommandLine>] [/cmdcons] [/copydir:{i386|ia64}\<FolderName>] [/copysource: 
<FolderName>] [/debug[<Level>]:[ <FileName>]] [/dudisable] [/duprepare: <pathName>] [/dushare: <pathName>] 
[/emsport:{com1|com2|usebiossettings|off}] [/emsbaudrate: <BaudRate>] [/m: <FolderName>] [/makelocalsource] 
[/noreboot] [/s: <Sourcepath>] [/syspart: <DriveLetter>] [/tempdrive: <DriveLetter>] [/udf: <ID>[,<UDB_File>]] 
[/unattend[<Num>]:[ <AnswerFile>]] 


Parameters 


PARAMETER DESCRIPTION 


/checkupgradeonly Checks your computer for upgrade compatibility with 
products in Windows Server 2003. 


if you use this option with /unattend, no user input is 
required. Otherwise, the results are displayed on the 
screen, and you can save them under the file name you 
specify. The default file name is upgrade.txt in the 
systemroot folder. 


/cmd Instructs setup to carry out a specific command before the 
final phase of setup. This occurs after your computer has 
restarted and after setup has collected the necessary 
configuration information, but before setup is complete. 


<CommandLine> Specifies the commandline to be carried out before the final 
phase of setup. 


/cmdcons On an x86-based computer, installs the recovery Console as a 
startup option. The recovery Console is a command-line 
interface from which you can perform tasks such as starting 
and stopping services and accessing the local drive (including 
drives formatted with NTFS). You can only use the /cmdcons 
option after setup is finished. 


PARAMETER 


/copydir 


<FolderName> 


/copysource 


/debug 


<level> 


/dudisable 


/duprepare 


<pathName> 


/dushare 


DESCRIPTION 


creates an additional folder within the folder in which the 
operating system files are installed. for example, for x86 and 
x64-based computers, you could create a folder called 
Private_drivers within the i386 source folder for your 
installation, and place driver files in the folder. type 
/copydir:i386\Private_drivers to have setup copy that folder 
to your newly installed computer, making the new folder 
location systemroot\Private_drivers. 


- i386 specifies i386 
- ia64 specifies ia64 


You can use /copydir to create as many additional folders 
as you want. 


Specifies the folder that you created to hold modifications for 
your site. 


creates a temporary additional folder within the folder in 
which the operating system files are installed. You can use 
/copysource to create as many additional folders as you 
want. 


Unlike the folders /copydir creates, /copysource folders 
are deleted after Setup completes. 


creates a debug log at the level specified, for example, 
/debug4:Debug.log. The default log file is C:\ 
systemroot\winnt32.log, and 


Level Values and descriptions 


- 0: Severe Errors 

- 1: Errors 

- 2: Default level. Warnings 

- 3: Information 

- 4: detailed information for debugging 


Each level includes the levels below it. 


Prevents Dynamic Update from running. Without Dynamic 
Update, setup runs only with the original setup files. This 
option will disable Dynamic Update even if you use an answer 
file and specify Dynamic Update options in that file. 


Carries out preparations on an installation share so that it can 
be used with Dynamic Update files that you downloaded from 
the Windows Update Web site. This share can then be used 
for installing Windows XP for multiple clients. 


Specifies full path name. 


Specifies a share on which you previously downloaded 
Dynamic Update files (updated files for use with Setup) from 
the Windows Update Web site, and on which you previously 
ran /duprepare: < pathName>. When run on a client, 
specifies that the client installation will make use of the 
updated files on the share specified in . 


PARAMETER 


/emsport 


/emsbaudrate 


<BaudRate> 


/m 


/makelocalsource 


/noreboot 


/s 


<Sourcepath> 


DESCRIPTION 


Enables or disables Emergency Management Services during 
setup and after the server operating system has been 
installed. With Emergency Management Services, you can 
remotely manage a server in emergency situations that would 
typically require a local keyboard, mouse, and monitor, such as 
when the network is unavailable or the server is not 
functioning properly. Emergency Management Services has 
specific hardware requirements, and is available only for 
products in Windows Server 2003. 


- com1 is applicable only for x86-based computers (not 
Itanium architecture-based computers). 

- com2is applicable only for x86-based computers (not 
Itanium architecture-based computers). 

- Default. Uses the setting specified in the BIOS Serial Port 
Console Redirection (SPCR) table, or, in Itanium 
architecture-based systems, through the EFI console 
device path. If you specify usebiossettings and there is 
no SPCR table or appropriate EFI console device path, 
Emergency Management Serices will not be enabled. 

- off disables Emergency Management Services. You can 
later enable it by modifying the boot settings. 


for x86-based computers, specifies the baud rate for 
Emergency Management Services. (The option is not 
applicable for Itanium architecture-based computers.) Must be 
used with /emsport:com1 or /emsport:com2 (otherwise, 
/emsbaudrate is ignored). 


Specifies baudrate of 9600, 19200, 57600, or 115200. 9600 is 
the default. 


Specifies that setup copies replacement files from an alternate 
location. Instructs setup to look in the alternate location first, 
and if files are present, to use them instead of the files from 
the default location. 


Instructs setup to copy all installation source files to your local 
hard disk. Use /makelocalsource when installing from a cd 
to provide installation files when the cd is not available later in 
the installation. 


Instructs setup to not restart the computer after the file copy 
phase of setup is completed so that you can run another 
command. 


Specifies the source location of the files for your installation. To 
simultaneously copy files from multiple servers, type the 
/s:<Sourcepath> option multiple times (up to a maximum of 
eight). If you type the option multiple times, the first server 
specified must be available, or setup will fail. 


Specifies full source path name. 


PARAMETER 


/syspart 


<DriveLetter> 


/tempdrive 


/udf 


<ID> 


<UDB file> 


/unattend 


<num> 


<AnswerFile> 


DESCRIPTION 


On an x86-based computer, specifies that you can copy setup 
startup files to a hard disk, mark the disk as active, and then 
install the disk into another computer. When you start that 
computer, it automatically starts with the next phase of setup. 


You must always use the /tempdrive parameter with the 
/syspart parameter. 


You can start winnt32 with the /syspart option on an 
x86-based computer running Windows NT 4.0, Windows 
2000, Windows XP or a product in Windows Server 2003. 
If the computer is running Windows NT version 4.0, it 
requires Service Pack 5 or later The computer cannot be 
running Windows 95, Windows 98, or Windows 
Millennium edition. 


Specifies the drive letter. 


directs setup to place temporary files on the specified 
partition. 


for a new installation, the server operating system will also 
be installed on the specified partition. 


for an upgrade, the /tempdrive option affects the 
placement of temporary files only; the operating system 
will be upgraded in the partition from which you run 
winnt32. 


Indicates an identifier (<ID>) that setup uses to specify how a 
Uniqueness Database (UDB) file modifies an answer file (see 
the /unattend option). The UDB overrides values in the 
answer file, and the identifier determines which values in the 
UDB file are used. For example, 
/udf:RAS_user,Our_company.udb overrides settings 
specified for the RAS_user identifier in the Our_company.udb 
file. If no <UDB_file> is specified, setup prompts the user to 
insert a disk that contains the $Unique$.udb file. 


Indicates an identifier used to specify how a Uniqueness 
Database (UDB) file modifies an answer file. 


Specifies a Uniqueness Database (UDB) file. 


On an x86-based computer, upgrades your previous version 
of Windows NT 4.0 Server (with Service Pack 5 or later) or 
Windows 2000 in unattended setup mode. All user settings 
are taken from the previous installation, so no user 
intervention is required during setup. 


Specifies the number of seconds between the time that setup 
finishes copying the files and when it restarts your computer. 
You can use <Num> on any computer running Windows 98, 
Windows Millennium edition, Windows NT, Windows 2000, 
Windows XP or a product in Windows Server 2003 . If the 
computer is running Windows NT version 4.0, it requires 
Service Pack 5 or later. 


Provides setup with your custom specifications 


PARAMETER DESCRIPTION 


P Displays help at the command prompt. 


Remarks 


If you are deploying Windows XP on client computers, you can use the version of winnt32.exe that comes with 
Windows XP. Another way to deploy Windows XP is to use winnt32.msi, which works through Windows Installer, 
part of the IntelliMirror set of technologies. For more information about client deployments, see the Windows 
Server 2003 Deployment Kit, which is described in Using the Windows Deployment and Resource Kits. 


On an Itanium-based computer, winnt32 can be run from the Extensible Firmware Interface (EFI) or from Windows 
Server 2003 Enterprise, Windows Server 2003 R2 Enterprise, Windows Server 2003 R2 Datacenter, or Windows 
Server 2003 Datacenter. Also, on an Itanium architecture-based computer, /cmdcons and /syspart are not 
available, and options relating to upgrades are not available. for more information about hardware compatibility, 
see Hardware compatibility. for more detailed information about using Dynamic Update and installing multiple 
clients, see the Windows Server 2003 Deployment Kit, which is described in Using the Windows Deployment and 
Resource Kits. for information about modifying boot settings, see the Windows Deployment and Resource Kits for 
Windows Server 2003. For more information, see Using the Windows Deployment and Resource Kits. Using the 
/unattend command-line option to automate setup affirms that you have read and accepted the Microsoft License 
Agreement for Windows Server 2003. Before using this command-line option to install Windows Server 2003 on 
behalf of an organization other than your own, you must confirm that the end user (whether an individual, or a 
single entity) has received, read, and accepted the terms of the Microsoft License Agreement for that product. 
OEMs may not specify this key on machines being sold to end users. 


Additional References 


e Command-Line Syntax Key 


winpop 
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Winpop is deprecated, and is not guaranteed to be supported in future releases of Windows. 


This tool is included in Windows Server 2003. For more information, see winpop. 


winrs 
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Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 
Server 2012 R2, Windows Server 2012 


Windows remote Management allows you to manage and execute programs remotely. 


Syntax 


winrs [/<parameter>[:<value>]] <command> 


Parameters 


PARAMETER DESCRIPTION 


/remote:<endpoint> Specifies the target endpoint using a NetBIOS name or the 
standard connection: 


- : [<transport>://|<target>[:<port>] 


if not specified, /r:localhost is used. 


/unencrypted Specifies that the messages to the remote shell will not be 
encrypted. This is useful for troubleshooting or when the 
network traffic is already encrypted using ipsec, or when 
physical security is enforced. 


By default, the messages are encrypted using Kerberos or 
NTLM keys. 


This command-line option is ignored when HTTPS 
transport is selected. 


/username:<username> Specifies username on command line. 
if not specified, the tool will use Negotiate authentication 
or prompt for the name. 


if username is specified, /password must also be 
specified. 


/password:< password> Specifies password on command line. 


if password is not specified but /username is, the tool 
will prompt for the password. 


if /password is specified, /username must also be 
specified. 


/timeout:<seconds> This option is deprecated. 


PARAMETER 


/directory:<path> 


/environment:<string> = 


/noecho 


/noprofile 


/allowdelegate 


/compression 


/usessl 


P? 


Remarks 


DESCRIPTION 


Specifies starting directory for remote shell. 


if not specified, the remote shell will start in the user's 
home directory defined by the environment variable 
%USERPROFILE%. 


Specifies a single environment variable to be set when shell 
starts, which allows changing default environment for shell. 


Multiple occurrences of this switch must be used to 
specify multiple environment variables. 


Specifies that echo should be disabled. This may be necessary 
to ensure that user's answers to remote prompts are not 
displayed locally. 


By default echo is on. 


Specifies that the user's profile should not be loaded. 


By default, the server will attempt to load the user profile. 


if the remote user is not a local administrator on the 
target system, then this option will be required (the 
default will result in error). 


Specifies that the user's credentials can be used to access a 
remote share, for example, found on a different machine than 
the target endpoint. 


Turn on compression. Older installations on remote machines 
may not support compression so it is off by default. 

Default setting is off since older installations on remote 
machines may not support compression. 


Use an SSL connection when using a remote endpoint. 
Specifying this instead of the transport https: will use the 
default WinRM default port. 


Displays help at the command prompt. 


e All command-line options accept either short form or long form. For example both /r and /remote are valid. 


e To terminate the /remote command, the user can type Ctrl-C or Ctrl-break, which will be sent to the remote 


shell. The second Ctrl-C will force termination of winrs.exe. 


e To manage active remote shells or winrs configuration, use the WinRM tool. The URI alias to manage active 


shells is shell/cmd. The URI alias for winrs configuration is winrm/config/winrs. 


Examples 


winrs /r:https://contoso.com command 


winrs 


winrs 


winrs 


winrs 


winrs 


winrs 


winrs 


winrs 


winrs 


winrs 


rs 


På 


Jr; 


rs 


På 


rs 


dr: 


(Ps 


urs 


fr: 


contoso.com /usessl command 


myserver command 


http://127.0.@.1 command 


http://169.51.2.101:80 /unencrypted command 


:https://[::FFFF:129.144.52.38] command 


http://[1989:0:0:0:8:800:200C:417A]:8Ø command 


https://contoso.com /t:60@ /u:administrator /p:$%fgh7 ipconfig 


myserver /env:path=*%path*%;c:\tools /env:TEMP=d:\temp config.cmd 


myserver netdom join myserver /domain:testdomain /userd:johns /passwordd:$%fgh789 


myserver /ad /u:administrator /p:$%fgh7 dir \\anotherserver\share 


Additional References 


e Command-Line Syntax Key 


winsat mem 
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Tests system memory bandwidth in a manner reflective of large memory to memory buffer copies, as are used in 
multimedia processing. 


Syntax 


winsat mem <parameters> 


Parameters 


PARAMETER DESCRIPTION 


-up Force memory testing with only one thread. The default is to 
run one thread per physical CPU or core. 


-rn Specify that the assessment's threads should run at normal 
priority. The default is to run at priority 15. 


-nc Specify that the assessment should allocate memory and flag 
it as un-cached. This means that the processor's caches will be 
bypassed for copy operations. The default is to run in cached 
space. 


-do <n> Specify the distance, in bytes, between the end of the source 
buffer and the beginning of the destination buffer. The default 
is 64 bytes. The maximum allowable destination offset is 
16MB. Specifying an invalid destination offset will result in an 
error. 

Note: Zero is a valid value for <n>, but negative numbers are 
not. 


-mint <n> Specify the minimum run time in seconds for the assessment. 
The default is 2.0. The minimum value is 1.0. The maximum 
value is 30.0. 
Note: Specifying a -mint value greater than the -maxt value 
when the two parameters are used in combination will result 
in an error. 


-maxt <n> Specify the maximum run time in seconds for the assessment. 
The default is 5.0. The minimum value is 1.0. The maximum 
value is 30.0. If used in combination with the -mint 
parameter, the assessment will begin to do periodic statistical 
checks of its results after the period of time specified in -mint. 
If the statistical checks pass, then the assessment will finish 
before the period of time specified in -maxt has elapsed. If 
the assessment runs for the period of time specified in -maxt 
without satisfying the statistical checks, then the assessment 
will finish at that time and return the results it has collected. 


PARAMETER DESCRIPTION 


-buffersize <n> Specify the buffer size that the memory copy test should use. 
Twice this amount will be allocated per CPU, which determines 
the amount of data copied from one buffer to another. The 
default is 16MB. This value is rounded to the nearest 4 KB 
boundary. The maximum value is 32MB. The minimum value is 
4 KB. Specifying an invalid buffer size will result in an error. 


-v Send verbose output to STDOUT, including status and 
progress information. Any errors will also be written to the 
command window. 


-xml <file name> Save the output of the assessment as the specified XML file. If 
the specified file exists, it will be overwritten. 


-idiskinfo Save information about physical volumes and logical disks as 
part of the <SystemConfig> section in the XML output. 


-iguid Create a globally unique identifier (GUID) in the XML output 
file. 
-note note text Add the note text to the <note> section in the XML output 
file. 
-icn Include the local computer name in the XML output file. 
-eef Enumerate extra system information in the XML output file. 
Examples 


e Toruns the assessment for a minimum of 4 seconds and no longer than 12 seconds, using a 32MB buffer size 
and saving the results in XML format to the file memtest.xml. 


winsat mem -mint 4.0 -maxt 12.0 -buffersize 32MB -xml memtest.xml 


Remarks 


e Membership in the local Administrators group, or equivalent, is the minimum required to use winsat. The 
command must be executed from an elevated command prompt window. 


e To open an elevated command prompt window, click Start, click Accessories, right-click Command Prompt, 
and click Run as administrator. 


Additional References 


winsat mfmedia 
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Measures the performance of video decoding (playback) using the Media Foundation framework. 


Syntax 


winsat mfmedia <parameters> 


Parameters 

PARAMETERS DESCRIPTION 

-input <file name> Required: Specify the file containing the video clip to be played 
or encoded. The file can be in any format that can be rendered 
by Media Foundation. 

-dumpgraph Specify that the filter graph should be saved to a GraphEdit- 
compatible file before the assessment starts. 

-ns Specify that the filter graph should run at the normal playback 
speed of the input file. By default, the filter graph runs as fast 
as possible, ignoring presentation times. 

-play Run the assessment in decode mode and play any supplied 
audio content in the file specified in -input using the default 
DirectSound device. By default, audio playback is disabled. 

-nopmp Do not make use of the Media Foundation Protected Media 
Pipeline (MFPMP) process during the assessment. 

-pmp Always make use of the MFPMP process during the 
assessment. 

Note: If -pmp or -nopmp is not specified, MFPMP will be 
used only when necessary. 

-v Send verbose output to STDOUT, including status and 
progress information. Any errors will also be written to the 
command window. 

-xml <file name> Save the output of the assessment as the specified XML file. If 
the specified file exists, it will be overwritten. 

-idiskinfo Save information about physical volumes and logical disks as 
part of the <SystemConfig> section in the XML output. 

-iguid Create a globally unique identifier (GUID) in the XML output 
file. 

-note note text Add the note text to the <note> section in the XML output 


file. 


PARAMETERS DESCRIPTION 


-icn Include the local computer name in the XML output file. 
-eef Enumerate extra system information in the XML output file. 
Examples 


e To runs the assessment with the input file that is used during a winsat formal assessment, without employing 
the Media Foundation Protected Media Pipeline (MFPMP), on a computer where c:\windows is the location of 
the Windows folder. 


winsat mfmedia -input c:\windows\performance\winsat\winsat.wmv -nopmp 


Remarks 


e Membership in the local Administrators group, or equivalent, is the minimum required to use winsat. The 
command must be executed from an elevated command prompt window. 


@ To open an elevated command prompt window, click Start, click Accessories, right-click Command Prompt, 
and click Run as administrator. 


Additional References 


wmic 
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Displays WMI information inside an interactive command shell. 


Syntax 


wmic </parameter> 


Sub-commands 


The following sub-commands are available at all times: 
SUB-COMMAND DESCRIPTION 


class Escapes from the default alias mode of WMIC to access classes 
in the WMI schema directly. 


path Escapes from the default alias mode of WMIC to access 
instances in the WMI schema directly. 


context Displays the current values of all global switches. 
[quit | exit] Exits the WMIC command shell. 
Examples 


To display the current values of all global switches, type: 


wmic context 


Output similar to the following displays: 


NAMESPACE : root\cimv2 
ROLE : root\cli 
NODE(S) : BOBENTERPRISE 
IMPLEVEL : IMPERSONATE 
[AUTHORITY : N/A] 
AUTHLEVEL : PKTPRIVACY 
LOCALE : ms_4@9 
PRIVILEGES : ENABLE 
TRACE 2 ORE 

RECORD : N/A 
INTERACTIVE : OFF 
FAILFAST : OFF 

OUTPUT : STDOUT 
APPEND : STDOUT 
USER : N/A 
AGGREGATE : ON 


To change the language ID used by the command line to English (locale ID 409), type: 


wmic /locale:ms 409 


Additional References 


e Command-Line Syntax Key 


writer 
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Verifies that a writer or component is included or excludes a writer or component from the backup or restore 
procedure. If used without parameters, writer displays help at the command prompt. 


Syntax 


writer verify [writer> | <component>] 
writer exclude [<writer> | <component>] 


Parameters 
PARAMETER DESCRIPTION 
verify Verifies that the specified writer or component is included in 
the backup or restore procedure. The backup or restore 
procedure will fail if the writer or component is not included. 
exclude Excludes the specified writer or component from the backup 
or restore procedure. 
Examples 


To verify a writer by specifying its GUID (for this example, 4dc3bdd4-ab48-4d07 -adb0-3bee2926fd7f), type: 
writer verify (4dc3bdd4-ab48-4dØ7-adbØ-3bee2926fd7f) 
To exclude a writer with the name System Writer, type: 


writer exclude System Writer 


Additional References 


e Command-Line Syntax Key 


wscript 
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Windows Script Host provides an environment in which users can execute scripts in a variety of languages that use 
a variety of object models to perform tasks. 


Syntax 


wscript [<scriptname>] [/b] [/d] [/e:<engine>] [{/h:cscript|/h:wscript}] [/i] [/job:<identifier>] 
[{/logo|/nologo}] [/s] [/t:<number>] [/x] [/?] [<ScriptArguments>] 


Parameters 


PARAMETER DESCRIPTION 
scriptname Specifies the path and file name of the script file. 


/b Specifies batch mode, which does not display alerts, scripting 
errors, or input prompts. This is the opposite of /i. 


/d Starts the debugger. 


/e Specifies the engine that is used to run the script. This lets you 
run scripts that use a custom file name extension. Without the 
/e parameter, you can only run scripts that use registered file 
name extensions. For example, if you try to run this 
command: 

cscript test.admin 
You will receive this error message: Input Error: There is no 
script engine for file extension .admin. 
One advantage of using nonstandard file name extensions is 
that it guards against accidentally double-clicking a script and 
running something you really did not want to run. 
This does not create a permanent association between the 
.admin file name extension and VBScript. Each time you run a 
script that uses a .admin file name extension, you will need to 
use the /e parameter. 


/h:cscript Registers cscript.exe as the default script host for running 
scripts. 


/h:wscript Registers wscript.exe as the default script host for runnin 
g p g 
scripts. This is the default when the /h option is omitted. 


fi Specifies interactive mode, which displays alerts, scripting 
errors, and input prompts. 
This is the default and the opposite of /b. 


/job:< identifier > Runs the job identified by identifier in a .wsf script file. 


/logo Specifies that the Windows Script Host banner is displayed in 
the console before the script runs. 
This is the default and the opposite of /nologo. 


PARAMETER DESCRIPTION 


/nologo Specifies that the Windows Script Host banner is not displayed 
before the script runs. This is the opposite of /logo. 


/s Saves the current command prompt options for the current 
user. 
/t:<number> Specifies the maximum time the script can run (in seconds). 


You can specify up to 32,767 seconds. 
The default is no time limit. 


/x Starts the script in the debugger. 


ScriptArguments Specifies the arguments passed to the script. Each script 
argument must be preceded by a slash (/). 


R Displays Help at the command prompt. 


Remarks 


Performing this task does not require you to have administrative credentials. Therefore, as a security best 
practice, consider performing this task as a user without administrative credentials. 

To open a command prompt, on the Start screen, type cmd, and then click command prompt. 

Each parameter is optional; however, you cannot specify script arguments without specifying a script. If you do 
not specify a script or any script arguments, wscript.exe displays the Windows Script Host Settings dialog 
box, which you can use to set global scripting properties for all scripts that wscript.exe runs on the local 
computer. 

The /t parameter prevents excessive running of scripts by setting a timer. When the time exceeds the specified 
value, wscript interrupts the script engine and ends the process. 

Windows script files usually have one of the following file name extensions: .wsf, .vbs, .js. 

If you double-click a script file with an extension that has no association, the Open With dialog box appears. 
Select wscript or cscript, and then select Always use this program to open this file type. This registers 
wscript.exe or cscript.exe as the default script host for files of this file type. 

You can set properties for individual scripts. See Windows Script Host overview for more information. 
Windows Script Host can use .wsf script files. Each .wsf file can use multiple scripting engines and perform 
multiple jobs. 


Additional References 


Command-Line Syntax Key 


eeo 
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Copies files and directories, including subdirectories. 


For examples of how to use this command, see Examples. 


Syntax 


Xcopy <Source> [<Destination>] [/w] [/p] [/c] [/v] [/q] [/f] [/1] [/g] [/d [:mM-DD-YYYY]] [/u] [/i] [/s [/e]] 
{/t] [/k] [/r] [/h] [{/a | /m}] [/n] [/o] [/x] [/exclude:FileName1[+[FileName2]][+[FileName3]] [{/y | /-y}] 
[/z] [/5] [/j] 


Parameters 

PARAMETER DESCRIPTION 

<Source> Required. Specifies the location and names of the files you 
want to copy. This parameter must include either a drive or a 
path. 

[<Destination>] Specifies the destination of the files you want to copy. This 
parameter can include a drive letter and colon, a directory 
name, a file name, or a combination of these. 

/W Displays the following message and waits for your response 
before starting to copy files: 

Press any key to begin copying file(s) 

/p Prompts you to confirm whether you want to create each 
destination file. 

/c Ignores errors. 

N Verifies each file as it is written to the destination file to make 
sure that the destination files are identical to the source files. 

/q Suppresses the display of xcopy messages. 

/f Displays source and destination file names while copying. 

Å Displays a list of files that are to be copied. 

/9 Creates decrypted Destination files when the destination 
does not support encryption. 

/d [MM-DD-YYYY] Copies source files changed on or after the specified date 


only. If you do not include a MM-DD-YYYY value, xcopy 
copies all Source files that are newer than existing Destination 
files. This command-line option allows you to update files that 
have changed. 


PARAMETER 


/u 


/i 


/s 


/e 


/t 


/k 


fr 


/h 


/a 


/m 


/n 


/o 


/X 


DESCRIPTION 


Copies files from Source that exist on Destination only. 


If Source is a directory or contains wildcards and Destination 
does not exist, xcopy assumes Destination specifies a 
directory name and creates a new directory. Then, xcopy 
copies all specified files into the new directory. By default, 
xcopy prompts you to specify whether Destination is a file or 
a directory. 


Copies directories and subdirectories, unless they are empty. 
If you omit /s, xcopy works within a single directory. 


Copies all subdirectories, even if they are empty. Use /e with 
the /s and /t command-line options. 


Copies the subdirectory structure (that is, the tree) only, not 
files. To copy empty directories, you must include the /e 
command-line option. 


Copies files and retains the read-only attribute on Destination 
files if present on the Source files. By default, xcopy removes 
the read-only attribute. 


Copies read-only files. 


Copies files with hidden and system file attributes. By default, 
xcopy does not copy hidden or system files 


Copies only Source files that have their archive file attributes 
set. /a does not modify the archive file attribute of the source 
file. For information about how to set the archive file attribute 
by using attrib, see Additional References. 


Copies Source files that have their archive file attributes set. 
Unlike /a, /m turns off archive file attributes in the files that 
are specified in the source. For information about how to set 
the archive file attribute by using attrib, see Additional 
References. 


Creates copies by using the NTFS short file or directory 
names. /n is required when you copy files or directories from 
an NTFS volume to a FAT volume or when the FAT file system 
naming convention (that is, 8.3 characters) is required on the 
Destination file system. The Destination file system can be FAT 
or NTFS. 


Copies file ownership and discretionary access control list 
(DACL) information. 


Copies file audit settings and system access control list (SACL) 
information (implies /o). 


PARAMETER DESCRIPTION 


/exclude:FileNamet [+ [FileName2][+ [FileName3]()] Specifies a list of files. At least one file must be specified. Each 
file will contain search strings with each string on a separate 
line in the file. 

When any of the strings match any part of the absolute path 
of the file to be copied, that file will be excluded from being 
copied. For example, specifying the string obj will exclude all 
files underneath the directory obj or all files with the .obj 
extension. 


/y Suppresses prompting to confirm that you want to overwrite 
an existing destination file. 


/-y Prompts to confirm that you want to overwrite an existing 
destination file. 


/z Copies over a network in restartable mode. 


/b Copies the symbolic link instead of the files. This parameter 
was introduced in Windows Vista®). 


Å Copies files without buffering. Recommended for very large 
files. This parameter was added in Windows Server 2008 R2. 


1? Displays help at the command prompt. 


Remarks 


Using /z 


If you lose your connection during the copy phase (for example, if the server going offline severs the 
connection), it resumes after you reestablish the connection. /z also displays the percentage of the copy 
operation completed for each file. 


Using /y in the COPYCMD environment variable. 


You can use /y in the COPYCMD environment variable. You can override this command by using /-y on the 


command line. By default, you are prompted to overwrite. 
Copying encrypted files 


Copying encrypted files to a volume that does not support EFS results in an error. Decrypt the files first or 
copy the files to a volume that does support EFS. 


Appending files 


To append files, specify a single file for destination, but multiple files for source (that is, by using wildcards 
or file1 +file2 +file3 format). 


Default value for Destination 
If you omit Destination, the xcopy command copies the files to the current directory. 
Specifying whether Destination is a file or directory 


If Destination does not contain an existing directory and does not end with a backslash (), the following 


message appears: 


Does <Destination> specify a file name or directory name on the target(F = file, D = directory)? 


Press F if you want the file or files to be copied to a file. Press D if you want the file or files to be copied to a 
directory. 


You can suppress this message by using the /i command-line option, which causes xcopy to assume that the 
destination is a directory if the source is more than one file or a directory. 


e Using the xcopy command to set archive attribute for Destination files 


The xcopy command creates files with the archive attribute set, whether or not this attribute was set in the 
source file. For more information about file attributes and attrib, see Additional References. 


e Comparing xcopy and diskcopy 


If you have a disk that contains files in subdirectories and you want to copy it to a disk that has a different 
format, use the xcopy command instead of diskcopy. Because the diskcopy command copies disks track 
by track, your source and destination disks must have the same format. The xcopy command does not 
have this requirement. Use xcopy unless you need a complete disk image copy. 


e Exit codes for xcopy 


To process exit codes returned by xcopy, use the ErrorLevel parameter on the if command line in a batch 
program. For an example of a batch program that processes exit codes using if, see Additional References. 
The following table lists each exit code and a description. 


EXIT CODE DESCRIPTION 

0 Files were copied without error. 

1 No files were found to copy. 

2 The user pressed CTRL+C to terminate xcopy. 

4 Initialization error occurred. There is not enough memory 


or disk space, or you entered an invalid drive name or 
invalid syntax on the command line. 


5 Disk write error occurred. 
Examples 
1. To copy all the files and subdirectories (including any empty subdirectories) from drive A to drive B, type: 
xcopy a: b: /s /e 
2. To include any system or hidden files in the previous example, add the/h command-line option as follows: 
xcopy a: b: /s /e /h 


3. To update files in the \Reports directory with the files in the \Rawdata directory that have changed since 
December 29, 1993, type: 


xcopy \rawdata \reports /d:12-29-1993 


4. To update all the files that exist in \Reports in the previous example, regardless of date, type: 


xcopy \rawdata \reports /u 


5. To obtain a list of the files to be copied by the previous command (that is, without actually copying the files), 


type: 


xcopy \rawdata \reports /d:12-29-1993 /1 > xcopy.out 


The file xcopy.out lists every file that is to be copied. 


6. To copy the \Customer directory and all subdirectories to the directory \\Public\Address on network drive Hi, 
retain the read-only attribute, and be prompted when a new file is created on H:, type: 


xcopy \customer h:\public\address /s /e /k /p 


7. To issue the previous command, ensure that xcopy creates the \Address directory if it does not exist, and 


suppress the message that appears when you create a new directory, add the /i command-line option as follows: 


xcopy \customer h:\public\address /s /e /k /p /i 


8. You can create a batch program to perform xcopy operations and use the batch if command to process the exit 
code if an error occurs. For example, the following batch program uses replaceable parameters for the xcopy 


source and destination parameters: 


@echo off 

rem COPYIT.BAT transfers all files in all subdirectories of 
rem the source drive or directory (%1) to the destination 
rem drive or directory (%2) 

xcopy %1 %2 /s /e 

if errorlevel 4 goto lowmemory 

if errorlevel 2 goto abort 

if errorlevel @ goto exit 

: lowmemory 

echo Insufficient memory to copy files or 

echo invalid drive or command-line syntax. 

goto exit 

:abort 

echo You pressed CTRL+C to end the copy operation. 

goto exit 

:exit 


To use the preceding batch program to copy all files in the CAPrgmcode directory and its subdirectories to drive B, 


type: 


copyit c:\prgmcode b: 


The command interpreter substitutes C:\Prgmcode for %7 and B: for %2, then uses xcopy with the /e and /s 
command-line options. If xcopy encounters an error, the batch program reads the exit code and goes to the label 
indicated in the appropriate IF ERRORLEVEL statement, then displays the appropriate message and exits from 
the batch program. 


9. This example copies all the non-empty directories, plus files whose name match the pattern given with the 
asterisk symbol. 


xcopy' -Ntoc*.yml «NS -NEOpy=TON /S /Y. 


rem Output example. 
rem .\d1\toc.yml 

rem .\d1\d12\toc.yml 
rem .\d2\toc.yml 

rem 3 File(s) copied 


In the preceding example, this particular source parameter value .\toc*.yml copies the same 3 files even if its two 
path characters .\ were removed. However, no files would be copied if the asterisk wildcard was removed from 
the source parameter, making it just .\toc.yml. 


Additional References 


e Copy 

e Move 

e Dir 

e Attrib 

e Diskcopy 
e if 


e Command-Line Syntax Key 


